Port blocking last resort in fight against virus
Mans Nilsson
mansaxel at sunet.se
Wed Aug 13 09:06:17 UTC 2003
Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox (steve at telecomplete.co.uk):
> Sorry I see where you're coming from on this but firewalls are more than just
> patches to broken OS's.
>
> In your world DoS traffic would be free to roam the networks as it pleased
> without being throttled sensibly at ingress?
Providing one makes people responsible for what their boxes (not
aggregates of networks) cause, and enforces this, there will be no
DoS traffic; given a perfect world.
Even in an imperfect world, the solution lies in the edge, not even
the CPE, but the end node, if you want to do more than pathetic
bandaiding of the inherent problem of insecure applications on end
nodes.
--
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
My face is new, my license is expired, and I'm under a doctor's
care!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030813/5958f93e/attachment.sig>
More information about the NANOG
mailing list