Great Circle Associates Firewalls
(October 1997)
 


Subject: RE: sex, lies, and firewall code
From: "Craig S. Wright" <craig . wright @ asx . com . au>
Date: Tue, 21 Oct 1997 06:57:46 +1000
To: Joseph Judge <joej @ joesmac . ultranet . com>, "'Peter da Silva'" <peter @ baileynm . com>
Cc: "rick @ paimail . com" <rick @ paimail . com>, "firewalls @ GreatCircle . COM" <firewalls @ GreatCircle . COM>

>From: 	Peter da Silva
>Yes, plugs are relatively stupid. They *do* take care of all the IP level
>attacks (source routing, IP options, fragmentation, and so on) that can slip
>through a packet filter, whether or not the people who wrote the filter know
>about them or not.

	SKIP does not function very well with a plug gateway. Any encryption schema using IP header information fails when either NAT or a proxy changes the header.
	Plugs do not cover round robin DNS functionality for web servers. There are "real world" cases for having connections open in two directions to the Original IP address.
	Once again, different technologies have different places and these should be used to complement each other, NOT in a crusade of what is better.
	Anyone can secure a connection. All that is needed is a pair of pliers. The skill comes in securing the connection with as little loss of functionality as is possible.

Craig S. Wright
----------------------------------------------
Network Security Specialist
Australian Stock Exchange
----------------------------------------------
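
The point above about protection that depends on IP header information breaking under NAT or a proxy, shown as an added example that is not part of the original message. It uses an HMAC over header fields as a stand-in (not SKIP itself); the key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-shared-key"  # constructed sample key


def checksum(data: bytes) -> int:
    """RFC 791 one's-complement sum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 6,
              0, socket.inet_aton(src), socket.inet_aton(dst)]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(hdr)
    return struct.pack("!BBHHHBBH4s4s", *fields)


def icv(header: bytes, payload: bytes, cover_header: bool) -> bytes:
    """Integrity value; with cover_header the addresses are authenticated too."""
    covered = payload
    if cover_header:
        # Zero TTL and checksum, which routers change in transit
        # (a simplification of AH-style mutable-field handling).
        covered = (header[:8] + b"\x00" + header[9:10] + b"\x00\x00"
                   + header[12:] + payload)
    return hmac.new(KEY, covered, hashlib.sha256).digest()


def nat_rewrite(header: bytes, new_src: str) -> bytes:
    """What a NAT device or proxy does: replace the source, fix the checksum."""
    hdr = header[:10] + b"\x00\x00" + socket.inet_aton(new_src) + header[16:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def survives_nat(cover_header: bool) -> bool:
    """True if the receiver's check still passes after address translation."""
    payload = b"constructed application data"
    sent = ipv4_header("10.0.0.5", "192.0.2.80", len(payload))
    tag = icv(sent, payload, cover_header)
    received = nat_rewrite(sent, "198.51.100.1")
    return hmac.compare_digest(tag, icv(received, payload, cover_header))
```

The translated packet is still a valid IP datagram, so nothing at the IP layer flags it; only the receiver's check over the header fields fails, while a check that covers the payload alone passes.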
