Firewall Wizards mailing list archives
RE: NAT Pseudo Security
From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 5 May 2004 19:37:25 -0400 (EDT)
On Wed, 5 May 2004, Frank Knobbe wrote:
Hey Ben, I prefer people pull out old topics and discuss them fresh from time to time. While a FAQ is useful for guiding those that seek knowledge, I think it's very important that we periodically review those things that we hammered in stone a few years ago. The chances that we see it in a different light, or have new thoughts on it, are well worth the rehashing.
I sometimes get pinged about why I allow a post on an old topic, and it's exactly this philosophy, as well as the fact that things change over time, and different people come in and out. For example, Daniel Hartmeier's great stats on stateful filters versus static filters last time we took that ride gave different answers than I'd expected.
Anyhow, let's not complain if someone brings up old topics, but take a minute to look at it again, and either nod approvingly or go "hey, here's a new thought". Remember, the risks of TCP resets were discussed decades ago, and we just now got around to improving router security. :)
I still think we need bigger sequence numbers. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT Pseudo Security Lee T. Christie (May 04)
- Re: NAT Pseudo Security Srini (May 04)
- Re: NAT Pseudo Security Mikael Olsson (May 04)
- RE: NAT Pseudo Security Ben Nagy (May 05)
- RE: NAT Pseudo Security Paul D. Robertson (May 05)
- RE: NAT Pseudo Security Frank Knobbe (May 05)
- RE: NAT Pseudo Security Paul D. Robertson (May 05)
- RE: NAT Pseudo Security David Lang (May 06)
- RE: NAT Pseudo Security Ben Nagy (May 05)
- <Possible follow-ups>
- Re: NAT Pseudo Security salgak (May 04)
- VPN testing utility lordchariot (May 04)
- Re: NAT Pseudo Security R. DuFresne (May 05)
- RE: NAT Pseudo Security Melson, Paul (May 04)
- RE: NAT Pseudo Security Sloane, David (May 04)
- RE: NAT Pseudo Security Chris Carlson (May 04)
- RE: NAT Pseudo Security Daniel Chemko (May 06)
- RE: NAT Pseudo Security David Lang (May 06)
- RE: NAT Pseudo Security Melson, Paul (May 06)