nanog mailing list archives
Re: Port blocking last resort in fight against virus
From: "Christopher L. Morrow" <chris () UU NET>
Date: Wed, 13 Aug 2003 22:37:31 +0000 (GMT)
On Wed, 13 Aug 2003, Steven M. Bellovin wrote:
In message <Pine.GSO.4.53.0308131452310.19594 () rampart argfrp us uu net>, "Chris topher L. Morrow" writes:This is the point, atleast I, have been trying to make for 2 years... end systems, or as close to that as possible, need to police themselves, the granularity and filtering capabilities (content filtering even) are available at that level alone.It's just not possible. Believe it or not, I don't much like firewalls. But see slide 5 of a talk I gave in May, 1994 (http://www.research.att.com/~smb/talks/firewalls.ps or http://www.research.att.com/~smb/talks/firewalls.pdf) for why we need them. We'll *always* have buggy code.
... long message trimmed .... I'm not entirely sure where you have shown that 'filtering as close to the end system as possible' is not possible. You mention that in extreme circumstances ISP's might have to step in to save the network from itself, which I agreed much earlier was the case. You did not, however, show that end systems and their local admin gruops can't police their own networks and help to make these problems much more difficult and noisy.
Current thread:
- RE: Port blocking last resort in fight against virus, (continued)
- RE: Port blocking last resort in fight against virus Randy Bush (Aug 12)
- RE: Port blocking last resort in fight against virus Mike Jezierski - BOFH (Aug 12)
- RE: Port blocking last resort in fight against virus Jason Frisvold (Aug 13)
- RE: Port blocking last resort in fight against virus Randy Bush (Aug 12)
- RE: Port blocking last resort in fight against virus Matthew Kaufman (Aug 13)
- RE: Port blocking last resort in fight against virus Mark Segal (Aug 12)
- RE: Port blocking last resort in fight against virus McBurnett, Jim (Aug 13)
- RE: Port blocking last resort in fight against virus Stephen J. Wilcox (Aug 13)
- Re: Port blocking last resort in fight against virus Mans Nilsson (Aug 13)
- RE: Port blocking last resort in fight against virus Stephen J. Wilcox (Aug 13)
- RE: Port blocking last resort in fight against virus Temkin, David (Aug 13)
- Re: Port blocking last resort in fight against virus Steven M. Bellovin (Aug 13)
- Re: Port blocking last resort in fight against virus Christopher L. Morrow (Aug 13)
- Re: Port blocking last resort in fight against virus Joe Provo (Aug 14)