North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Cisco says attacks are due to operational practices
On Thu, Feb 10, 2000 at 06:13:56PM -0800, Chris Cappuccio wrote: > > Filtering incoming our outgoing ports for anybody's network but your own (not > your customer's) is wrong. You know specifically what apps you are running. > How can you know what your customer is running or what they want to do ? Filtering my customers to prevent them from sending me packets with source ip addresses other than those they have told me about, or I have assigned to them is not wrong. > If the customer is aware this is happening or even requests this type of > firewall service, that's great. But to filter ports on backbone routers is > stupid. Lets explain it this way: If I were operating a telephone network, I would only allow calls from numbers that I assigned, or my customers ask to be routed to them. Or even this: If I operate a cellular network, I can choose what the source number is on their telephone, and if I want to allow it. - Jared
|