Concerning the firewall book.
Firewalls and Internet Security, Second Edition
PDF online at
https://www.wilyhacker.com/fw2e.pdf
"Some people think that NAT boxes are a form of
firewall. In some sense, they are, but they're low-end ones."
On Feb 17, 2024, at 11:27 AM, William Herrin wrote:
>
> On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote:
>
>> Funny, I don't recall Bellovin and Cheswick's Firewall book discussing
>> NAT.
>
> And mine too, since I hadn't heard of "Firewalls and Internet
> Security: Repelling the Wily
The whole situation with these WAF as a service setups is a nightmare for the
affected (afflicted) parties.
I saw this problem from both sides when I was at Akamai. It’s not great from
the service provider side, but it’s an absolute shit show for anyone on the
wrong side of a block. There’s no
If a contact who manages North American peering at AS16509 could reach out
off-list, that would be appreciated. Myself and a few colleagues have
attempted to reach out via the contacts listed on PeeringDB on multiple
occasions over the last couple of months and have not been successful in
reaching
On 2/17/24 11:27 AM, William Herrin wrote:
On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote:
I didn't hear about NAT until the
late 90's, iirc. I've definitely not heard of Gauntlet.
Then there are gaps in your knowledge.
Funny, I don't recall Bellovin and Cheswick's Firewall book dis
On 2/18/24 8:47 AM, Greg Skinner via NANOG wrote:
On Feb 17, 2024, at 11:27 AM, William Herrin wrote:
On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas wrote:
Funny, I don't recall Bellovin and Cheswick's Firewall book discussing
NAT.
And mine too, since I hadn't heard of "Firewalls and Int
Michael Thomas wrote on 18/02/2024 20:28:
I do know that Cablelabs pretty early on -- around the time I
mentioned above -- has been pushing for v6. Maybe Jason Livingood can
clue us in. Getting cable operators onboard too would certainly be a
good thing,
availability of provider-side ipv6 sup
On 2/18/24 12:50 PM, Nick Hilliard wrote:
Michael Thomas wrote on 18/02/2024 20:28:
I do know that Cablelabs pretty early on -- around the time I
mentioned above -- has been pushing for v6. Maybe Jason Livingood can
clue us in. Getting cable operators onboard too would certainly be a
good th
Michael Thomas wrote on 18/02/2024 20:56:
That's really great to hear. Of course there is still the problem with
CPE that doesn't speak v6, but that's not their fault and gives some
reason to use their CPE.
Already solved: cable modem ipv6 support is usually also excellent, both
in terms of s
On 2/18/24 1:10 PM, Nick Hilliard wrote:
Michael Thomas wrote on 18/02/2024 20:56:
That's really great to hear. Of course there is still the problem
with CPE that doesn't speak v6, but that's not their fault and gives
some reason to use their CPE.
Already solved: cable modem ipv6 support is
Michael Thomas wrote on 18/02/2024 21:18:
So it has its own wireless? I seem to recall that there were some
economic reasons to use their CPE as little as possible to avoid rent.
Has that changed? Or can I run down and just buy a Cablelabs certified
router/modem these days?
There's no short a
It appears that Nick Hilliard said:
>full control of all modems and they're all relatively recent, properly
>supported units, fully managed by the cable operator. If you start
>adding poor quality cheap units into the mix, it can cause service problems.
The cablecos I've dealt with have a list
On Sun, 18 Feb 2024, 05:29 Owen DeLong via NANOG, wrote:
> Most firewalls are default deny. Routers are default allow unless you put
> a filter on the interface.
>
This is not relevant though. NAT when doing port overloading, as is the
case for most CPE, is not default-deny or default-allow. The