nanog mailing list archives
Re: Arguing against using public IP space
From: Valdis.Kletnieks () vt edu
Date: Tue, 15 Nov 2011 09:17:20 -0500
On Tue, 15 Nov 2011 10:57:32 GMT, Leigh Porter said:
> Well this is not quite true, is it.. If your firewall is not working and you have private space internally then you are a lot better off than if you have public space internally! So if your firewall is not working then having private space on one side is a hell of a lot more secure!
By the same token, if your firewall fails closed rather than fails open, you're more secure.

And this is totally overlooking the fact that the vast majority of *actual* attacks these days are web-based drive-bys and similar things that most firewalls are configured to pass through. Think about it - if a NAT'ed firewall provides any real protection against real attacks, why are there still so many zombied systems out there?

I mean, Windows Firewall has been shipping with inbound "default deny" since XP SP2 or so. How many years ago was that? And what *real* security over and above that host-based firewall are you getting from that appliance?

Or as Dr Phil would say "Firewalls - how is that working out for you?"