nanog mailing list archives
Re: IPv6 - real vs theoretical problems
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sat, 8 Jan 2011 01:06:56 +0000
On Jan 8, 2011, at 5:44 AM, Owen DeLong wrote:
You say dogma, I say mythology.
Concur 100%.
Stateful inspection provides security.
To clarify, stateful inspection only provides security in a context where there's state to inspect - i.e., at the southernmost end of access networks, directly in front of machines which are serving as client workstations. In all other contexts, such as in front of servers and in the middle of access networks, stateful inspection has no security benefit whatsoever, and is actually quite harmful, with a hugely negative effect on security. ;> ------------------------------------------------------------------------ Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay
Current thread:
- Re: IPv6 - real vs theoretical problems, (continued)
- Re: IPv6 - real vs theoretical problems Grant Phillips (Jan 06)
- Re: IPv6 - real vs theoretical problems Jima (Jan 06)
- Re: IPv6 - real vs theoretical problems Owen DeLong (Jan 06)
- Re: IPv6 - real vs theoretical problems Jima (Jan 06)
- Re: IPv6 - real vs theoretical problems Owen DeLong (Jan 07)
- Message not available
- Re: IPv6 - real vs theoretical problems Tim Chown (Jan 07)
- Re: IPv6 - real vs theoretical problems Jima (Jan 06)
- RE: IPv6 - real vs theoretical problems Deepak Jain (Jan 07)
- RE: IPv6 - real vs theoretical problems Mikael Abrahamsson (Jan 07)
- Re: IPv6 - real vs theoretical problems William Herrin (Jan 07)
- Re: IPv6 - real vs theoretical problems Owen DeLong (Jan 07)
- Re: IPv6 - real vs theoretical problems Dobbins, Roland (Jan 07)
- Re: IPv6 - real vs theoretical problems Michael Loftis (Jan 11)
- RE: IPv6 - real vs theoretical problems George Bonser (Jan 11)
- Re: IPv6 - real vs theoretical problems Jack Bates (Jan 11)
- Re: IPv6 - real vs theoretical problems Joel Jaeggli (Jan 25)
- Re: IPv6 - real vs theoretical problems Grant Phillips (Jan 06)
- Re: IPv6 - real vs theoretical problems Owen DeLong (Jan 11)
- Re: IPv6 - real vs theoretical problems Jima (Jan 12)
- Re: IPv6 - real vs theoretical problems Ted Fischer (Jan 12)
- Re: IPv6 - real vs theoretical problems Owen DeLong (Jan 12)
- Re: IPv6 - real vs theoretical problems Dobbins, Roland (Jan 07)
- Re: IPv6 - real vs theoretical problems William Herrin (Jan 07)