nanog mailing list archives
Re: Smallest Transit MTU
From: Valdis.Kletnieks () vt edu
Date: Fri, 31 Dec 2004 01:18:56 -0500
On Thu, 30 Dec 2004 22:09:05 PST, David Schwartz said:
David Schwartz:IMO, it's negligent to configure a firewall to pass traffic whose meaning is not known.I see. Can you suggest a firewall that supports "block all traffic not unencrypted and in American English"?You misunderstand what I mean by "whose meaning is not known". Deliberately, I suspect.
He *does* have a point - the fact that the firewall knows about the new feature doesn't mean that the target host behind the firewall is able to do something reasonable/correct with the new feature.... And where, exactly, do you draw the line between "firewall that blocks unknown bits" and "virus-scanning front-end appliance that blocks unknown MIME types" and "Great Firewall" that blocks all traffic that contains subversive content.....
Attachment:
_bin
Description:
Current thread:
- Re: Smallest Transit MTU, (continued)
- Re: Smallest Transit MTU John Kristoff (Dec 30)
- RE: Smallest Transit MTU David Schwartz (Dec 30)
- Re: Smallest Transit MTU John Kristoff (Dec 30)
- RE: Smallest Transit MTU David Schwartz (Dec 30)
- Re: Smallest Transit MTU Robert E . Seastrom (Dec 30)
- Re: Smallest Transit MTU John Kristoff (Dec 30)
- Re: Smallest Transit MTU Robert E . Seastrom (Dec 31)
- RE: Smallest Transit MTU Scott Weeks (Dec 30)
- RE: Smallest Transit MTU Matthew Kaufman (Dec 30)
- RE: Smallest Transit MTU David Schwartz (Dec 30)
- Re: Smallest Transit MTU Valdis . Kletnieks (Dec 30)
- Re: Smallest Transit MTU Iljitsch van Beijnum (Dec 31)