IAB concerns against permanent deployment of edge-based filtering

E.B. Dreger eddy+public+spam at noc.everquick.net
Sat Oct 18 20:07:04 UTC 2003


> Date: Sat, 18 Oct 2003 11:14:42 -0700 (PDT)
> From: bmanning at ...


> 	perhaps.  but last I checked, it was the Internet Architecture Board
> 	not the Internet Operations Board. So from an architectural purity
> 	perspective, sure, don't filter (and by extension, pull out firewalls
> 	and NATS.... :)

Ports < 1024 are "privileged" and tend not to be used as a source
port for outgoing packets.  This in turn affects packet filters.
Life might be easier if a port range had been reserved for
passive FTP connections.

It would seem architecture and operations are at least somewhat
coupled.  Should there not be interaction between the two?

"Here is what we built; deal with it!" doesn't appeal to me.
(Judging from the wildcard threads, it doesn't seem to appeal to
others, either.)  I'd like the arch folks to listen to the ops
crowd, and I see no reason why it shouldn't go the other way too.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.



