Re: RE: Example firewall script

["Jason Coombs" <jasonc () science org>]

The problem with knowing a thing or two about a thing or two is that you're constantly arguing with other people who 
know nothing about things that nobody else can possibly understand, and that nobody will be forced to learn about or 
consider carefully until it's too late for the knowledge to save them from harm.

This is yet another reason that full disclosure is crucial to everyone's readiness and to our ability to defend 
ourselves... Discussion and analysis of complex subjects, with real-world study and disclosure of failures and 
mistakes, prepares us to understand new risks and classify new threats according to actual significance in our 
situations.

So, thank you both for sharing your debate and thereby calling attention to an area of uncertainty in practice, but if 
you're going to argue about definitions of routing tables vs. ACLs, why not do it in a way that mere mortals are able 
to understand some day in the future when they find your debate archived somewhere because their Cisco router's ACL 
ruleset failed to consider the fact that they had routes and multihomed interfaces configured dynamically by an 
attacker who knew better than the victim just how ACLs are parsed and precisely what the difference is between a good 
ACL and a bad one -- or where an attacker knew there was another interface physically attached to the Cisco device 
where a small wireless access point could be attached, which WAP would automatically assign the Cisco device another 
endpoint address in the WAP's address space.

Fuck off doesn't add to the substance of the technical arguments, and even trying to understand why you are debating at 
all there does not appear to be any reason -- other than that you are both feeling stressed because the stock market 
keeps falling and you're counting on Wall Street to make you wealthier than your hard-working but lesser-compensated 
friends and neighbors.

Don't worry, you'll figure out when you're unemployed and broke that all the time you spent being upset about little 
things distracted you from living life well, and you'll really only regret not having done more to make sure other 
people had as much opportunity as you did to do good work and document then publish details about the things they found 
important at the time, and to share your knowledge publicly for the benefit of everyone who comes after you.

Regards,

Jason Coombs
jasonc () science org

-----Original Message-----
From: "J.A. Terranson" <measl () mfn org>
Date: Sat, 27 Aug 2005 15:38:11 
To:"ericscher () mac com" <ericscher () mac com>
Cc:Full-Disclosure <Full-Disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] RE: Example firewall script



For the record,  I just got a phone call from this guy - apparently he's
afraid that because I call bullshit on him in public, I'm also going to
"fill [his] email box with spam and stuff".

Very entertaining.  He even calls back and leaves messages when you hang
up on him!  Of course, while he's willing to call you on your cell phone
to bitch and moan, he's also a pussy: he hides his calling number.

HEY - ERIC!!!

FUCK OFF.


On Sat, 27 Aug 2005, ericscher () mac com wrote:

> Date: Sat, 27 Aug 2005 16:27:14 -0400
> From: "ericscher () mac com" <ericscher () mac com>
> To: measl () mfn org
> Subject: Re: [Full-disclosure] RE: Example firewall script
>
>
> As does Juniper, as does.....
>
> > > Your Point?
>
>
>
> Uh... No.  Traffic shaping may make use of ACLs, but ACL != Shaping.
>
> > > Sorry, but...
> > > By definition, ACLs are a traffic shaping device.
>
>
>
>
> Bzzzt.  *All* "Autonomous Systems" are multihomed.  Thats the definition
> of AS.
>
> > > That's completely wrong. The definition of an "AS" is not that it's
> multihomed, and not all AS's are multihomed.
>
>
>
> Again, wrong.  ACLS are involved, but what you are talking about are
> called ROUTING DECISIONS, and ACLS != Routing Decisions.
>
> > > Sorry, but that's EXACTLY what they are. They are a set of instructions
> by which a routing device DECIDES where to route packets.
>
>
> This is true for *most* ACL implementations, but NOT for all.  Again, you
> are trying to paint the entire world with your only available [Cisco]
> brush, and it is making you look like a self-important fool.
>
> > > Sorry, but... you're wrong again. The very nature of how ACL's work mean
> that you move from specific to general.
>
>
> I can probably find a few good ones to recommend - if you will promise to
> read them prior to spewing more of this.
>
> > > Based on your statements so far, I would not be inclined to follow your
> suggestions.
>
>
>
> And still managed to screw up most of what you said.
>
> > > Actually, what I said is entirely correct.
>
>
> That's expected: hot gas expands.
>
> > > You would know.
>
>
>
>
>
>
> --------------------------------------------------------------------
> mail2web - Check your email from the web at
> http://mail2web.com/ .

-- 
Yours,

J.A. Terranson
sysadmin () mfn org
0xBD4A95BF


I like the idea of belief in drug-prohibition as a religion in that it is
a strongly held belief based on grossly insufficient evidence and
bolstered by faith born of intuitions flowing from the very beliefs they
are intended to support.

don zweig, M.D.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/