----- Original Message ----- > From: "Valdis Kletnieks" <valdis.kletni...@vt.edu>
> And this is totally overlooking the fact that the vast majority of *actual* > attacks these days are web-based drive-bys and similar things that most > firewalls are configured to pass through. Think about it - if a NAT'ed > firewall provides any real protection against real attacks, why are there > still > so many zombied systems out there? I mean, Windows Firewall has been shipping > with inbound "default deny" since XP SP2 or so. How many years ago was that? > And what *real* security over and above that host-based firewall are you > getting from that appliance? > > Or as Dr Phil would say "FIrewalls - how is that working out for you?" Do you have actual honest-to-ghod numbers, Valdis? And aren't you making here the same assumption for which we chastise people who run DNS resolvers that wildcard to advertising pages for NXDOMAIN: That all the world's a workstation? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274