Firewall Wizards mailing list archives

RE: NAT Pseudo Security


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 5 May 2004 19:37:25 -0400 (EDT)

On Wed, 5 May 2004, Frank Knobbe wrote:

> Hey Ben,
>
> I prefer people pull out old topics and discuss them fresh from time to
> time. While a FAQ is useful for guiding those that seek knowledge, I
> think it's very important that we periodically review those things that
> we hammered in stone a few years ago. The chances that we see it in a
> different light, or have new thoughts on it, are well worth the
> rehashing.

I sometimes get pinged about why I allow a post on an old topic, and it's
exactly this philosophy, as well as the fact that things change over time,
and different people come in and out.  For example, Daniel Hartmeier's
great stats on stateful filters versus static filters last time we took
that ride gave different answers than I'd expected.

> Anyhow, let's not complain if someone brings up old topics, but take a
> minute to look at it again, and either nod approvingly or go "hey,
> here's a new thought". Remember, the risks of TCP resets were discussed
> decades ago, and we just now got around to improving router security.
> :)

I still think we need bigger sequence numbers.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

