nanog mailing list archives
Re: The "not long discussion" thread....
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Thu, 28 Apr 2005 01:47:36 +0000 (GMT)
On Wed, 27 Apr 2005, Jerry Pasker wrote:
Christopher L. Morrow allegedly wrote:
This, it seems, was an unfortunate side effect (as I pointed out earlier) of legacy software and legacy config... if I had to guess.
You guess wrong. See the above. And don't pass judgement. (am I being cited for lack of clue? It kind of feels like it) It wasn't a
no lack of clue meant, just pointing out one possible cause of the acl usage. I don't think I saw the original reasoning in the original email.
*BAD* thing, it was a *GOOD* thing. It made things better, not worse. I still may go back and re-implement port 53 blocks in the future if I find a good reason to. I know now that it doesn't really cause operational problems. At least not in a smaller ISP environment. Would I want a transit network to block TCP 53? Of course not. But my end customers request those types of services regularly, so I try to provide what they want.
Sure, this is a form of 'managed security services' and the customer (and you) agree to that policy change.
And don't think I'm coming off as all ticked off and defensive. I'm not ticked off, I'm actually enjoying this. As for being defensive? Maybe. I'm trying hard not to be though. I really can't help myself........I have this lurking fear that I'm being tossed in to the "clueless block TCP 53 with an outsourced firewall, and don't know what I'm doing beyond that" group that I so despise. ;-) Especially on this list, full of people that I have so much respect for.
either way, it was just one possibility of many for the acl to be there, nothing more :)
good of the group, and therefore, worth it. And I still think that.
excellent, it probably helps Patrick, the world-nic folks and others as well :)