nanog mailing list archives
Re: IPv6 - real vs theoretical problems
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sat, 8 Jan 2011 02:00:10 +0000
On Jan 8, 2011, at 8:54 AM, William Herrin wrote:
I presume you don't intend us to conclude that a bastion host firewall provides no security benefit to the equipment it protects.
If it's protecting workstations, yes, it has some positive security value - but not due to NAT. If it's inappropriately placed in front of servers, where's there's no state to inspect and were the stateful nature of the device in and of itself forms a DoS vector, it has negative security value; i.e., it makes things far worse. ------------------------------------------------------------------------ Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay
Current thread:
- Re: IPv6 - real vs theoretical problems, (continued)
- Re: IPv6 - real vs theoretical problems Michael Loftis (Jan 11)
- RE: IPv6 - real vs theoretical problems George Bonser (Jan 11)
- Re: IPv6 - real vs theoretical problems Jack Bates (Jan 11)
- Re: IPv6 - real vs theoretical problems Joel Jaeggli (Jan 25)
- Re: IPv6 - real vs theoretical problems Owen DeLong (Jan 11)
- Re: IPv6 - real vs theoretical problems Jima (Jan 12)
- Re: IPv6 - real vs theoretical problems Ted Fischer (Jan 12)
- Re: IPv6 - real vs theoretical problems Owen DeLong (Jan 12)
- Re: IPv6 - real vs theoretical problems Dobbins, Roland (Jan 07)
- Re: IPv6 - real vs theoretical problems William Herrin (Jan 07)
- Re: IPv6 - real vs theoretical problems Dobbins, Roland (Jan 07)
- Re: IPv6 - real vs theoretical problems William Herrin (Jan 07)
- Re: IPv6 - real vs theoretical problems Sam Stickland (Jan 08)
- Re: IPv6 - real vs theoretical problems Dobbins, Roland (Jan 08)
- Re: IPv6 - real vs theoretical problems Jeff Wheeler (Jan 06)
- Re: IPv6 - real vs theoretical problems sthaug (Jan 07)
- Re: IPv6 - real vs theoretical problems Devon True (Jan 07)
- Re: IPv6 - real vs theoretical problems Randy McAnally (Jan 07)