nanog mailing list archives

Re: Arguing against using public IP space

From: Jay Ashworth <jra () baylink com>
Date: Tue, 15 Nov 2011 15:55:42 -0500 (EST)

----- Original Message -----

From: "Valdis Kletnieks" <Valdis.Kletnieks () vt edu>

And this is totally overlooking the fact that the vast majority of *actual*
attacks these days are web-based drive-bys and similar things that most
firewalls are configured to pass through. Think about it - if a NAT'ed
firewall provides any real protection against real attacks, why are there still
so many zombied systems out there? I mean, Windows Firewall has been shipping
with inbound "default deny" since XP SP2 or so. How many years ago was that?
And what *real* security over and above that host-based firewall are you
getting from that appliance?

Or as Dr Phil would say "FIrewalls - how is that working out for you?"


Do you have actual honest-to-ghod numbers, Valdis?

And aren't you making here the same assumption for which we chastise people
who run DNS resolvers that wildcard to advertising pages for NXDOMAIN:

That all the world's a workstation?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

Current thread:

Re: Arguing against using public IP space, (continued)
- - - Re: Arguing against using public IP space Leigh Porter (Nov 15)
    - Re: Arguing against using public IP space Valdis . Kletnieks (Nov 15)
    - RE: Arguing against using public IP space Chuck Church (Nov 15)
    - Re: Arguing against using public IP space Leigh Porter (Nov 15)
    - Re: Arguing against using public IP space Valdis . Kletnieks (Nov 15)
    - Re: Arguing against using public IP space William Herrin (Nov 15)
    - Re: Arguing against using public IP space -Hammer- (Nov 15)
    - Re: Arguing against using public IP space Cameron Byrne (Nov 15)
    - Re: Arguing against using public IP space -Hammer- (Nov 15)
    - Re: Arguing against using public IP space Valdis . Kletnieks (Nov 15)
    - Re: Arguing against using public IP space Jay Ashworth (Nov 15)
    - Re: Arguing against using public IP space Owen DeLong (Nov 15)
    - Re: Arguing against using public IP space Joe Greco (Nov 15)
    - Re: Arguing against using public IP space Owen DeLong (Nov 15)
    - Re: Arguing against using public IP space Joe Greco (Nov 15)
    - Re: Arguing against using public IP space david raistrick (Nov 15)
    - Re: Arguing against using public IP space Joe Greco (Nov 15)
    - Re: Arguing against using public IP space Jay Ashworth (Nov 15)
    - Re: Arguing against using public IP space Joe Greco (Nov 15)
    - Re: Arguing against using public IP space Leigh Porter (Nov 15)
    - Re: Arguing against using public IP space Owen DeLong (Nov 15)

(Thread continues...)