nanog mailing list archives

Re: Port blocking last resort in fight against virus
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Wed, 13 Aug 2003 10:14:22 +0100 (BST)


On Wed, 13 Aug 2003, Mans Nilsson wrote:

> Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 09:57:56AM +0100 Quoting
> Stephen J. Wilcox (steve () telecomplete co uk):
>
> > Sorry I see where you're coming from on this but firewalls are more than just
> > patches to broken OS's.
> >
> > In your world DoS traffic would be free to roam the networks as it pleased
> > without being throttled sensibly at ingress?
>
> Providing one makes people responsible for what their boxes (not
> aggregates of networks) cause, and enforces this, there will be no
> DoS traffic; given a perfect world.

What if the people running the boxes are irresponsible, perhaps even harboring
malicious intent?

> Even in an imperfect world, the solution lies in the edge, not even
> the CPE, but the end node, if you want to do more than pathetic
> bandaiding of the inherent problem of insecure applications on end
> nodes.

I don't have control of all end nodes but I do control my edge.

Steve

