
Re: Firewall



On Thu, 23 Aug 2001, Nathan E Norman wrote:
> When I worked at an ISP, I liked to bring up security issues.

[snip]

> replies to other customers, filter rfc1918 addresses at the gateway to
> prevent those addresses from accessing the internet, filtering source
> addresses not in our netblocks from accessing the internet, filtering
> incoming traffic with source addresses in our netblocks, etc).

That's not too bad, actually. I've never used an ISP that did
egress/ingress filtering :) That cuts down on a good bit of garbage that
can go on, although it doesn't save you from your neighbors or people who
are bouncing to attack or are too stupid to know/care.

Out of curiosity, how much load did that filtering put on the routers?
The common argument I've heard against doing the filtering is that it
requires using the "slow path" on the router, and you can't handle as much
load / router (more expensive). Is this accurate?

-- Adam
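
Added example, not part of the original message or of any ISP's actual configuration: the three source-address filters listed in the quoted text, written as a per-packet decision function and run over constructed sample traffic. The netblocks are documentation ranges standing in for the ISP's real ones, and applying the RFC 1918 check to inbound traffic as well goes one step beyond the quoted list.

```python
import ipaddress
from collections import Counter

# RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: stand-ins for the ISP's netblocks (documentation ranges).
OUR_NETBLOCKS = [ipaddress.ip_network(n) for n in
                 ("198.51.100.0/24", "203.0.113.0/24")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def gateway_verdict(direction, src):
    """Return (action, reason) for a packet crossing the border gateway.

    direction: "egress" (customer -> internet) or "ingress" (internet -> customer).
    """
    if direction not in ("egress", "ingress"):
        raise ValueError("unknown direction: %r" % direction)
    addr = ipaddress.ip_address(src)
    # Private sources are never valid on the internet-facing side.
    if _in_any(addr, RFC1918):
        return ("drop", "rfc1918-source")
    ours = _in_any(addr, OUR_NETBLOCKS)
    # Outbound traffic must carry a source address we actually own.
    if direction == "egress" and not ours:
        return ("drop", "egress-source-not-in-our-netblocks")
    # Inbound traffic claiming one of our addresses as its source is spoofed.
    if direction == "ingress" and ours:
        return ("drop", "ingress-source-in-our-netblocks")
    return ("accept", "ok")

# Constructed sample traffic: (direction, source address).
SAMPLE = [
    ("egress", "198.51.100.7"),
    ("egress", "192.168.1.5"),
    ("egress", "192.0.2.44"),
    ("ingress", "203.0.113.9"),
    ("ingress", "192.0.2.44"),
    ("ingress", "10.1.2.3"),
]

def summarize(packets):
    """Count verdict reasons over a list of (direction, src) tuples."""
    return Counter(gateway_verdict(d, s)[1] for d, s in packets)

if __name__ == "__main__":
    for reason, count in sorted(summarize(SAMPLE).items()):
        print(count, reason)
```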


