nanog mailing list archives
Re: Block all servers?
From: "Majdi S. Abbas" <msa () samurai sfo dead-dog com>
Date: Fri, 10 Oct 2003 23:45:14 -0700
On Fri, Oct 10, 2003 at 08:07:05PM -0600, Adam Selene wrote:
IMHO, all consumer network access should be behind NAT.
-snip-
As for plug-in "workgroup" networking (the main reason why everything is open by default), when you create a Workgroup, it should require a key for that workgroup and enable shared-key IPSEC.
These two requirements are mutually exclusive outside of a LAN environment, and if you're on a LAN, why require IPSEC? Filtering or NAT do not protect you from bad implementation or bad protocol design. Penalizing users that need (and will pay) for reasonably accessible two way communication is not the answer, and never will be. --msa
Current thread:
- Re: Block all servers?, (continued)
- Re: Block all servers? Crist Clark (Oct 14)
- Re: Block all servers? Stefan Mink (Oct 14)
- Re: Block all servers? Kee Hinckley (Oct 14)
- Re: Block all servers? Crist Clark (Oct 14)
- Re: Block all servers? Steven M. Bellovin (Oct 14)
- Re: Block all servers? Alex Yuriev (Oct 11)
- Re: Block all servers? Steven M. Bellovin (Oct 11)
- Re: Block all servers? ken emery (Oct 11)
- RE: Block all servers? Terry Baranski (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 12)
- Re: Block all servers? Majdi S. Abbas (Oct 10)
- Re: Block all servers? Adam Selene (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 11)
- Re: Block all servers? Adam Selene (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 10)
- RE: Block all servers? Christopher Bird (Oct 11)
- Re: Block all servers? jlewis (Oct 11)
- Re: Fw: Re: Block all servers? Chris Brenton (Oct 15)
- Re: Fw: Re: Block all servers? Crist Clark (Oct 15)