Another idea for my SNI

[daemond () ibm net]

-----BEGIN PGP SIGNED MESSAGE-----

Came up with another idea of interest for my SNI:

* Have the external router block outbound TCP packets with the source
address of machines in the DMZ with ports < 1023 with the ACK bit unset
(this'll keep a cracker from using them to leap frog elsewhere).

- -------------------------------------------------------------------------
Geoff Gowey             | NetBSD: the best multi-platform OS 
daemond(at)ibm.net      | www.netbsd.org
*************************************************************************
My PGP Key is availiable on my home page at: *
www.geocities.com/ResearchTriangle/Lab/6749/ * Key id: 35E887AD
Length: 2048-bit | RSA Encryption | Generation date: January 19th, 1998
=========================================================================
"All I ask is for the chance to prove that money can't buy me happiness"
=========================================================================
Spammers beware: I do not buy from companies that spam and I keep track!
Above policy STRICTLY ENFORCED!
*************************************************************************


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBNMbKHwhkJ2A16IetAQHhSgf/TPfrmFmOUi4B/0+8TzZv32nsFYtKcqjP
ODc11iinBmgy25VwfSFj8dC/2waA0YeP9lhrMvdlKeGrSlia67z+DaMTaGz46EWE
czCh4/c4X6DO99qA2ig0QiJN02vppX9gOFbz4MFbC9ehA+f9iek2dL/yfZApsziU
qrLafbLbosdRocDaT6/jkfhfu6do6fW9fw1ytJkNoTD+EHper8mX9trO02T4BT2h
R9crkLPn7UDRIOfbyuOQbpLNwtpMRSCRCNZdrvBsoIOJLWjKjJEUrT5nyZawStCc
qvTeCzFM3HezOOzphwSupwTacF47yjkCzN1m7gEolXBr9omRD0eDRA==
=uPmv
-----END PGP SIGNATURE-----