On Sun, Apr 26, 2009 at 4:10 PM, bofh <goodb...@gmail.com> wrote:
> It's called going off on a related tangent - whenever I hear people
> talking about using something because someone has published a paper
> and here's all these smart people using it (transparent bridging, etc,
> or in my case natting externally accessible/routable hosts), it pisses
> me off.
>
> People use it because they have a need to do something. When you're
> told there's a better way to do things, pay attention, instead of
> telling the experts here (and I'm talking about the openbsd developers
> in this thread - not me, I'm in management now, no brain cells left)
> they're wrong because you have all these great URLs - if you want to
> listen to those people, then you should be using the OS they use too.
So you prefer to take someone's word blindly without any backing evidence or
facts, so long as you believe they are a credible source? Maybe management is
a good place for you, but I'd hate to be a shareholder in a company where
people like you may have any sort of influential role in steering its goals
and/or direction.

"Perhaps as one of the older generation, I should preach a little sermon to
you, but I do not propose to do so. I shall, instead, give you a word of
advice about how to behave toward your elders. When an old and distinguished
person speaks to you, listen to him carefully and with respect -- but do not
believe him. Never put your trust in anything but your own intellect. Your
elder, no matter whether he has gray hair or lost his hair, no matter whether
he is a Nobel Laureate, may be wrong... So you must always be skeptical --
always think for yourself." -- Linus Pauling

> On 4/26/09, Felipe Alfaro Solana <felipe.alf...@gmail.com> wrote:
>> On Sun, Apr 26, 2009 at 9:21 PM, bofh <goodb...@gmail.com> wrote:
>>
>>> Anyone who puts in an inline IDS is a damned idiot. D stands for
>>> detection, so you should always use a tap or something else. Only IPS
>>> should be inline.
>>
>>
>> You should provide arguments, not empty words. At least, if you are calling
>> people idiots.
>>
>>
>>> You obviously do not know what you're talking about. Things like NAT
>>> have their uses too, but people who design networks including DMZs and
>>> networks that require external routing but put them behind NATs
>>> deserve everything they get.
>>
>>
>> I don't know what DMZ and NAT have to do with what we're discussing here.
>> Instead of calling people idiots you could provide a valid reasoning
>> supported by arguments.
>>
>>
>>>
>>>
>>> On 4/26/09, Felipe Alfaro Solana <felipe.alf...@gmail.com> wrote:
>>> > On Sat, Apr 25, 2009 at 3:57 PM, Henning Brauer
>>> > <lists-open...@bsws.de> wrote:
>>> >
>>> >> * openbsder <openbs...@gmail.com> [2009-04-24 12:19]:
>>> >> > Recently, it has been suggested that a transparent firewall
>>> >> > implementation is ideal where possible. But as far as I understand,
>>> >> > transparency is only available when the firewall acts as a bridge
>>> >> > between TWO networks. How would I keep my DMZ and LAN both while
>>> >> > using a bridging firewall. Is it even possible?
>>> >>
>>> >> yes. lots of idiots do it.
>>> >
>>> >
>>> > Really? What's wrong with transparent bridging? What's wrong with a
>>> > transparent, in-line IDS? What's wrong with a software tap? All of
>>> > these technologies use some sort of transparent bridging and are not
>>> > being used exclusively by idiots, but also smart people [1] [2]
>>> >
>>> > [1] http://eatingsecurity.blogspot.com/2007/09/transparent-bridging-mmap-pcap-and.html
>>> > [2] http://www.shiftedbit.net/IDS.txt
>>> > [3] http://www.securityfocus.com/infocus/1737
>>> >
>>> >> bridging is stupid. don't. there are cases where you can't avoid it,
>>> >> but deliberately? about as clever as knowingly drinking methanol.
>>> >
>>> >
>>> > Bridging, in the ample sense, is not stupid. Your switch is doing that.
>>> > Bridging, in the sense of firewalls, is also not stupid. There are
>>> > reasons why you want to use a transparent bridging-mode firewall.
>>> >
>>> >
>>> >>
>>> >> --
>>> >> Henning Brauer, h...@bsws.de, henn...@openbsd.org
>>> >> BS Web Services, http://bsws.de
>>> >> Full-Service ISP - Secure Hosting, Mail and DNS Services
>>> >> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
>>> >>
>>> >>
>>> >
>>> >
>>> > --
>>> > http://www.felipe-alfaro.org/blog/disclaimer/
>>> >
>>> >
>>>
>>> --
>>> Sent from my mobile device
>>>
>>> http://www.glumbert.com/media/shift
>>> http://www.youtube.com/watch?v=tGvHNNOLnCk
>>> "This officer's men seem to follow him merely out of idle curiosity."
>>> -- Sandhurst officer cadet evaluation.
>>> "Securing an environment of Windows platforms from abuse - external or
>>> internal - is akin to trying to install sprinklers in a fireworks
>>> factory where smoking on the job is permitted." -- Gene Spafford
>>> learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related
>>>
>>>
>>
>>
>> --
>> http://www.felipe-alfaro.org/blog/disclaimer/
>>
>
> --
> Sent from my mobile device
>
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity."
> -- Sandhurst officer cadet evaluation.
> "Securing an environment of Windows platforms from abuse - external or
> internal - is akin to trying to install sprinklers in a fireworks
> factory where smoking on the job is permitted." -- Gene Spafford
> learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related