Re: legality of port-mapping

[Rob Quinn <rquinn () sec sprint net>]

> You can't know that "Unauthorized access to this system is restricted" 
> until after you open a connection and get the banner.

 Ahhh... so where is it that I'm supposed to hang my ``NO TRESPASSING'' sign
so that you can see it?

> If you stick a box on a public network (never forget it's a public 
> network)

 I think most of my customers would say the `public' part of the network
stops right at the point where they start paying out the cash - the upstream
side of their circuit.

> with ports available to anyone (no ACLs), you might as well be 
> operating a store on Main St. USA with your front door propped open. 

 How often do you get to admin ACLs on the ``public'' side of your
circuit?

> Sure, you can reserve the right to refuse anyone service, but it's not 
> illegal for them to walk in.

 I'm still looking for the virtual fence-post or front door that I can
nail my NO TRESPASSING sign to.

  -- Rob Quinn