nanog mailing list archives

Re: Block all servers?

From: "Majdi S. Abbas" <msa () samurai sfo dead-dog com>
Date: Fri, 10 Oct 2003 23:45:14 -0700


On Fri, Oct 10, 2003 at 08:07:05PM -0600, Adam Selene wrote:

IMHO, all consumer network access should be behind NAT.

-snip-

As for plug-in "workgroup" networking (the main reason why
everything is open by default), when you create a Workgroup, 
it should require a key for that workgroup and enable shared-key 
IPSEC.


        These two requirements are mutually exclusive outside
of a LAN environment, and if you're on a LAN, why require IPSEC?

        Filtering or NAT do not protect you from bad implementation
or bad protocol design.  Penalizing users that need (and will pay)
for reasonably accessible two way communication is not the answer,
and never will be. 

        --msa

Current thread:

Re: Block all servers?, (continued)
- - - Re: Block all servers? Crist Clark (Oct 14)
    - Re: Block all servers? Stefan Mink (Oct 14)
    - Re: Block all servers? Kee Hinckley (Oct 14)
    - Re: Block all servers? Crist Clark (Oct 14)
    - Re: Block all servers? Steven M. Bellovin (Oct 14)
    - Re: Block all servers? Alex Yuriev (Oct 11)
    - Re: Block all servers? Steven M. Bellovin (Oct 11)
    - Re: Block all servers? ken emery (Oct 11)
    - RE: Block all servers? Terry Baranski (Oct 11)
    - Re: Block all servers? Petri Helenius (Oct 12)
    - Re: Block all servers? Majdi S. Abbas (Oct 10)
    - Re: Block all servers? Adam Selene (Oct 11)
    - Re: Block all servers? Petri Helenius (Oct 11)
    - Re: Block all servers? Adam Selene (Oct 11)
    - Re: Block all servers? Petri Helenius (Oct 11)
    - Re: Block all servers? Petri Helenius (Oct 10)
    - RE: Block all servers? Christopher Bird (Oct 11)
    - Re: Block all servers? jlewis (Oct 11)
- Fw: Re: Block all servers? Fred Heutte (Oct 14)
  - Re: Fw: Re: Block all servers? Chris Brenton (Oct 15)
    - Re: Fw: Re: Block all servers? Crist Clark (Oct 15)