Firewall Wizards mailing list archives
Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 26 Aug 2003 17:07:46 -0400
Bret Watson wrote:
A better solution is this.. in the DMZ place a H323 gatekeeper with routed proxying turned on, restrict the port ranges to the number of simultaneous connections you expect to receive..
Y'know, I think I must just be "retro" but I think there's no how, no way that netmeeting has any business entering or exiting a mission-critical network. I.e.: if it's worth firewalling, it's best to not allow this kind of stuff at all. Of course the users will scream. But they will always scream anyhow. How long will it be before someone writes a worm that uses it? Then everyone'll be scrambling for a "solution" to the problem once the horse has left the barn. There's a "solution" for this crud and that's not to run the risk in the first place...

Sorry - I'm feeling extremely curmudgeonly today. In my inbox I had *5* reports of mission-critical networks that were taken down by various worms in the last week. Why's that? On the surface, the answer is "RPC bug" but the REAL answer is "people should not be connecting mission-critical networks to the Internet - even with firewalls." A small handful of us have been singing this song quietly in the corner for about 12 years, now. Is anyone going to ever "get it"??

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards