nanog mailing list archives

Re: IPv6 - real vs theoretical problems


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sat, 8 Jan 2011 01:06:56 +0000


On Jan 8, 2011, at 5:44 AM, Owen DeLong wrote:

You say dogma, I say mythology.

Concur 100%.

Stateful inspection provides security.

To clarify, stateful inspection only provides security in a context where there's state to inspect - i.e., at the 
southernmost end of access networks, directly in front of machines which are serving as client workstations.  

In all other contexts, such as in front of servers and in the middle of access networks, stateful inspection has no 
security benefit whatsoever, and is actually quite harmful, with a hugely negative effect on security.

;>

------------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

                          -- Alan Kay



Current thread: