Firewall Wizards mailing list archives
Re: Inspecting routers
From: Ng Pheng Siong <ngps () netmemetic com>
Date: Tue, 26 Nov 2002 23:38:52 +0800
On Mon, Nov 25, 2002 at 05:22:57PM -0800, Kyle R. Hofmann wrote:
On Mon, 25 Nov 2002 18:20:49 +0100, Lorens Kockum wrote:You said only 80 and 443, that's incoming, can the webservers initiate connections to the outside? If they can, stateful filtering on the external router could maybe be a good idea.Even if they can, should they? I can't think of a compelling reason for them to be initiating connections to the outside world, but I don't know how they're setup.
One example is a web application that "aggregates content" available elsewhere, say, raw data feed sold by Reuters and the like. The alternative to web or application servers connecting outwards is some kind of multi-tier architecture with fancy routing and firewalling to suck such data from somewhere else and pump them into the web farm, typically thru some mega-buck "content management" system. I've seen such attempts - mind-boggling, they are. Ahh, those dot.com days... -- Ng Pheng Siong <ngps () netmemetic com> * http://www.netmemetic.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Inspecting routers Pierre-Yves (Nov 25)
- Re: Inspecting routers Lorens Kockum (Nov 25)
- Re: Inspecting routers Mikael Olsson (Nov 25)
- Re: Inspecting routers Kyle R. Hofmann (Nov 25)
- Re: Inspecting routers Lorens Kockum (Nov 26)
- Re: Inspecting routers Ng Pheng Siong (Nov 26)
- RE: Inspecting routers Ben Nagy (Nov 26)
- Re: Inspecting routers Lorens Kockum (Nov 25)