nanog mailing list archives

Re: Smallest Transit MTU


From: Valdis.Kletnieks () vt edu
Date: Fri, 31 Dec 2004 01:18:56 -0500

On Thu, 30 Dec 2004 22:09:05 PST, David Schwartz said:


David Schwartz:

  IMO, it's negligent to configure a firewall to pass
traffic whose meaning is not known.

I see. Can you suggest a firewall that supports "block all traffic not
unencrypted and in American English"?

      You misunderstand what I mean by "whose meaning is not known".
Deliberately, I suspect.

He *does* have a point - the fact that the firewall knows about the new
feature doesn't mean that the target host behind the firewall is able to
do something reasonable/correct with the new feature....

And where, exactly, do you draw the line between "firewall that blocks
unknown bits" and "virus-scanning front-end appliance that blocks unknown
MIME types" and "Great Firewall" that blocks all traffic that contains
subversive content.....
