Do we still need Gi Firewall for 3G/UMTS/HSPA network ?

TJ trejrco at gmail.com
Thu Apr 16 08:58:07 CDT 2009


That's why you use Teredo - it defeats that sort of simple statefulness, and
works.
((SSH'ed from one laptop (WinXP, using MS's Teredo over double-NATed v4
connection) to another laptop (Ubuntu, EVDO, + Miredo) ... although it was
pretty slow, it fit my needs at the time.))

For a time, maybe still today?, 6to4 would work as well.  That is, the
carrier may have been filtering unsolicited TCP/UDP ... but not Protocol41.
(Off the top of my head, I forget which providers fell into which side of
the ItWorked | ItStillWorks camp)


/TJ


>-----Original Message-----
>From: Charles Wyble [mailto:charles at thewybles.com]
>Sent: Thursday, April 09, 2009 6:09 PM
>To: Skywing
>Cc: NANOG list
>Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
>
>Yep verizon does indeed filter all unsolicated inbound traffic to the EVDO
>network. It can be a blessing or a curse. :)
>
>Skywing wrote:
>> Verizon filters unsolicited inbound traffic for their EVDO customers in
my
>experience.
>>
>> - S
>>
>> -----Original Message-----
>> From: Roland Dobbins <rdobbins at cisco.com>
>> Sent: Thursday, April 09, 2009 09:32
>> To: NANOG list <nanog at nanog.org>
>> Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
>>
>>
>> On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:
>>
>>> Please share your thought and thanks in advance :)
>>
>> No, IMHO.  Most broadband operators don't insert firewalls inline in
>> front of their subscribers, and wireless broadband is no different.
>>
>> The infrastructure itself must be protected via iACLs, the various
>> vendor-specific control-plane protection mechanisms, and so forth, but
>> inserting additional state in the middle of everything doesn't buy
>> anything, and introduces additional constraints and concerns.
>>
>> ----------------------------------------------------------------------
>> - Roland Dobbins <rdobbins at cisco.com> // +852.9133.2844 mobile
>>
>>    Our dreams are still big; it's just the future that got small.
>>
>>                    -- Jason Scott
>>
>>
>>





More information about the NANOG mailing list