Re: Removing features

On Wed, 15 Oct 2003 10:26:17 EDT, Keith Moore said:

great.  now we'll have NAT boxes intercepting outgoing DNS traffic also.


The really bad part is that they'll on the average do as good a job of 
intercepting
DNS traffic as they do of filtering outbound 1918-sourced packets in general. 
After
all, the root DNS boxes shouldn't ever see a 1918 packet unless (a) some site 
isn't
egress filtering properly *and* (b) their ISP isn't ingress filtering at the 
edge.

Egress *and* ingress filtering.  Belt and suspenders design.  Too bad there's so
many sites that still manage to leave their fly open anyhow.....

pgpPDrimluMDp.pgp
Description: PGP signature

<Prev in Thread]	Current Thread	[Next in Thread>
Impact from rfc1918 leaks, (continued) Impact from rfc1918 leaks, Leif Johansson Re: Impact from rfc1918 leaks, Iljitsch van Beijnum Re: Impact from rfc1918 leaks, Leif Johansson Re: Impact from rfc1918 leaks, Kurt Erik Lindqvist RE: Removing features, Michel Py Re: Removing features, Kurt Erik Lindqvist RE: Removing features, Michel Py Re: Removing features, Kurt Erik Lindqvist RE: Removing features, Michel Py Re: Removing features, Keith Moore Re: Removing features, Valdis . Kletnieks <= rfc1918 impact, Leif Johansson Re: rfc1918 impact, Dean Anderson RE: rfc1918 impact, Jeroen Massar RE: rfc1918 impact, Dean Anderson RE: rfc1918 impact, Jeroen Massar Re: rfc1918 impact, Markus Stumpf RE: Removing features, Michel Py RE: Removing features, Jeroen Massar Re: Removing features, Keith Moore Re: Removing features, John C Klensin

Previous by Date:	RE: Removing features, Jeroen Massar
Next by Date:	Re: Removing features, Keith Moore
Previous by Thread:	Re: Removing features, Keith Moore
Next by Thread:	rfc1918 impact, Leif Johansson
Indexes:	[Date] [Thread] [Top] [All Lists]