North American Network Operators Group


Re: Cisco says attacks are due to operational practices

  • From: Jared Mauch
  • Date: Thu Feb 10 21:43:45 2000

On Thu, Feb 10, 2000 at 06:13:56PM -0800, Chris Cappuccio wrote:
> 
> Filtering incoming or outgoing ports for anybody's network but your own (not
> your customer's) is wrong.  You know specifically what apps you are running.  
> How can you know what your customer is running or what they want to do?

        Filtering my customers to prevent them from sending me
packets with source ip addresses other than those they have
told me about, or I have assigned to them, is not wrong.

> If the customer is aware this is happening or even requests this type of
> firewall service, that's great.  But to filter ports on backbone routers is
> stupid.

	Let's explain it this way:

	If I were operating a telephone network, I would only allow
calls from numbers that I assigned, or my customers ask to be routed
to them.

	Or even this:
	
	If I operate a cellular network, I can choose what the source
number is on their telephone, and if I want to allow it.

	- Jared
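
The distinction argued in this message, between filtering on source address at the customer edge and filtering on ports, shown as an added example that is not part of the original post. The port names, prefixes and packets are constructed for illustration (documentation address ranges), and the check ignores the destination port entirely.

```python
import ipaddress
from collections import Counter

# Constructed table: prefixes assigned to, or reported by, each customer port.
ALLOWED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}
NETS = {port: [ipaddress.ip_network(p) for p in prefixes]
        for port, prefixes in ALLOWED.items()}

def permit(port, src):
    """True if src parses as an address inside a prefix known for this port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    # Membership is False across address families, so v4 and v6 can share a list.
    return any(addr in net for net in NETS.get(port, []))

# Constructed packets: (customer port, source address, destination port).
PACKETS = [
    ("cust-a", "192.0.2.10", 80),
    ("cust-a", "192.0.2.10", 31337),     # unusual port, valid source: passes
    ("cust-a", "192.0.2.200", 80),       # outside the /25: dropped
    ("cust-a", "2001:db8:a:1::5", 443),
    ("cust-b", "192.0.2.10", 53),        # cust-a's address seen on cust-b: dropped
    ("cust-b", "198.51.100.7", 6667),
    ("cust-b", "10.1.2.3", 80),          # private source, never assigned: dropped
]

def audit(packets):
    """Split packets into those passed and a per-port count of drops."""
    passed, drops = [], Counter()
    for port, src, dport in packets:
        if permit(port, src):
            passed.append((port, src, dport))
        else:
            drops[port] += 1
    return passed, drops

if __name__ == "__main__":
    passed, drops = audit(PACKETS)
    for pkt in passed:
        print("pass", pkt)
    print("drops per port:", dict(drops))
```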