nanog mailing list archives
RE: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
From: "TJ" <trejrco () gmail com>
Date: Thu, 16 Apr 2009 09:58:07 -0400
That's why you use Teredo - it defeats that sort of simple statefulness, and works. ((SSH'ed from one laptop (WinXP, using MS's Teredo over double-NATed v4 connection) to another laptop (Ubuntu, EVDO, + Miredo) ... although it was pretty slow, it fit my needs at the time.)) For a time, maybe still today?, 6to4 would work as well. That is, the carrier may have been filtering unsolicited TCP/UDP ... but not Protocol41. (Off the top of my head, I forget which providers fell into which side of the ItWorked | ItStillWorks camp) /TJ
-----Original Message----- From: Charles Wyble [mailto:charles () thewybles com] Sent: Thursday, April 09, 2009 6:09 PM To: Skywing Cc: NANOG list Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Yep verizon does indeed filter all unsolicated inbound traffic to the EVDO network. It can be a blessing or a curse. :) Skywing wrote:Verizon filters unsolicited inbound traffic for their EVDO customers in
my
experience.- S -----Original Message----- From: Roland Dobbins <rdobbins () cisco com> Sent: Thursday, April 09, 2009 09:32 To: NANOG list <nanog () nanog org> Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:Please share your thought and thanks in advance :)No, IMHO. Most broadband operators don't insert firewalls inline in front of their subscribers, and wireless broadband is no different. The infrastructure itself must be protected via iACLs, the various vendor-specific control-plane protection mechanisms, and so forth, but inserting additional state in the middle of everything doesn't buy anything, and introduces additional constraints and concerns. ---------------------------------------------------------------------- - Roland Dobbins <rdobbins () cisco com> // +852.9133.2844 mobile Our dreams are still big; it's just the future that got small. -- Jason Scott
Current thread:
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?, (continued)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Roland Dobbins (Apr 09)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Eugeniu Patrascu (Apr 10)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Alexander Harrowell (Apr 09)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Roland Dobbins (Apr 09)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Mike Dimayuga (Apr 09)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Rubens Kuhl (Apr 09)
- Message not available
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Mike Tancsa (Apr 16)
- Message not available
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Roland Dobbins (Apr 09)
- RE: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Skywing (Apr 09)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Charles Wyble (Apr 09)
- RE: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Lee, Steven (NSG Malaysia) (Apr 09)
- RE: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? TJ (Apr 16)
- Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? Charles Wyble (Apr 09)