nanog mailing list archives
Re: How to secure the Internet in three easy steps
From: Sean Donelan <sean () donelan com>
Date: Fri, 25 Oct 2002 14:57:23 -0400 (EDT)
On 25 Oct 2002, Paul Vixie wrote:
1. Require all providers install and manage firewalls on all subscriber connections enforcing source address validation.i can see how the end to end principle applies in cases 2 and 3, but not 1.
I didn't make any of these up. They've all been proposed by serious, well-meaning people. If you have 2 and 3, why do you need to waste global addresses on 1. So the NSP managed "firewall" device is really a super-NAT device, which some well-meaning people believe NAT improves security becauses users won't be able to set the outbound addresses themselves. The firewall will rewrite the user's hidden internal address with the firewall's registered address. Its a mis-understanding of what source address validation is. Some folks think it should work like ANI, where the telephone company writes the "correct" number on the call at the switch.
Current thread:
- Re: DNS issues various, (continued)
- Re: DNS issues various Valdis . Kletnieks (Oct 24)
- Re: DNS issues various Kelly J. Cooper (Oct 24)
- Re: DNS issues various Valdis . Kletnieks (Oct 24)
- Re: DNS issues various Barry Shein (Oct 24)
- Re: DNS issues various Sean Donelan (Oct 24)
- Re: DNS issues various Barry Shein (Oct 24)
- Re: DNS issues various Peter Salus (Oct 24)
- Re: DNS issues various Ben Browning (Oct 24)
- How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- Re: How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- RE: How to secure the Internet in three easy steps Sameer R. Manek (Oct 25)
- Re: How to secure the Internet in three easy steps Etaoin Shrdlu (Oct 25)
- Re: How to secure the Internet in three easy steps Ryan Fox (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- Re: How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Scott Granados (Oct 25)
- Re: How to secure the Internet in three easy steps batz (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- Re: How to secure the Internet in three easy steps Sean Donelan (Oct 26)