nanog mailing list archives

Re: [NANOG] Microsoft.com PMTUD black hole?


From: SML <sml () lordsargon com>
Date: Wed, 7 May 2008 17:18:51 -0500

On 7-May-2008, at 17:07:06, Deepak Jain wrote:

Many non-SP IT folks think they understand TCP, grudgingly accept
UDP for DNS from external sources and think everything else is
bollocks. Many *might* have a fit if they saw Microsoft accepting
ICMPs because that seems inconsistent with their knowledge of
turn-the-knob network security. To their view, their
Linksys/Netgear/whathaveyou COTS firewalls block everything too.

I don't think I'm exaggerating here.


No, you are not. I have seen the same from "firewall engineers" at  
large companies, people who, supposedly, have done "network security"  
for years. Even after showing them numerous Web sites detailing  
current best practices, especially Rob Thomas's fine site, these folks  
would not change their practices.

Some days it is hard to not give in to the "I give up" feelings.

