Great Circle Associates Firewalls
(June 1994)
 


Subject: Re: RFC 1597
From: lear @ yeager . corp . sgi . com (Eliot Lear)
Date: Thu, 16 Jun 1994 00:13:09 -0700
To: John Hawkinson <jhawk @ panix . com>, dcrocker @ mordor . stanford . edu (Dave Crocker)
Cc: andras @ is . co . za, firewalls @ GreatCircle . COM
In-reply-to: John Hawkinson <jhawk @ panix . com> "Re: RFC 1597" (Jun 16, 12:26am)
References: <199406160426 . AA01008 @ panix . com>

On Jun 16, 12:26am, John Hawkinson wrote:
[ Dave Crocker:]
> > Since that is an entirely unsafe assumption, RFC1597 is inclined to
> > lull us into taking a 'filter only this small set' approach rather
> > than 'pass only this small set'.  I.e., the backbone routers should
> > allow through only those IP numbers that are known to be safe,
> > rather than filter only those known to be unsafe.
> 
> But that's what they DO already!

Not all vendors do this, and those that do it are probably in the minority.
Some filter routing info; I've yet to hear of a vendor that filtered incoming
packets.  The latter is definitely a cause for concern.

-- 
Eliot Lear
[lear @ sgi . com]
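
The two policies contrasted in the quoted text above ("filter only this small set" versus "pass only this small set"), as an added example that is not part of the original message. The three private blocks are those reserved by RFC 1597; the `KNOWN_GOOD` prefixes and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Private address blocks reserved by RFC 1597.
RFC1597_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed: prefixes a hypothetical peer is known to originate.
KNOWN_GOOD = [ipaddress.ip_network(n) for n in
              ("198.51.100.0/24", "203.0.113.0/24")]


def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def filter_only_unsafe(src):
    """'Filter only this small set': drop RFC 1597 sources, forward the rest."""
    return not _in_any(src, RFC1597_BLOCKS)


def pass_only_safe(src):
    """'Pass only this small set': forward known prefixes, drop the rest."""
    return _in_any(src, KNOWN_GOOD)


def compare(sources):
    """Map each source to (denylist verdict, allowlist verdict); True = forwarded."""
    return {s: (filter_only_unsafe(s), pass_only_safe(s)) for s in sources}


# Constructed sample of packet source addresses seen on the peer interface.
SAMPLE = [
    "198.51.100.7",   # inside a known-good prefix
    "10.1.2.3",       # RFC 1597
    "172.31.255.1",   # last address region of 172.16.0.0/12
    "172.32.0.1",     # just outside 172.16.0.0/12, not a known prefix
    "127.0.0.1",      # loopback: not in RFC 1597, not a known prefix
]

if __name__ == "__main__":
    for src, (deny_list, allow_list) in compare(SAMPLE).items():
        print(f"{src:15} filter-only-unsafe={deny_list!s:5} pass-only-safe={allow_list}")
```

The last two sample addresses are the ones the policies disagree on: the deny list forwards anything it was not told about, while the allow list drops it.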



Follow-Ups:
  • Re: RFC 1597
    From: Pushpendra Mohta <pushp-m @ CERF . NET>
