Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

codered/nimda blocking



On Tue, Nov 06, 2001 at 12:44:26PM -0500, Patrick McManus wrote:
> [Derek D. Martin: Tue, Nov 06, 2001 at 11:44:46AM -0500]
> >Interesting...  A firewall is nothing more than a router that filters
> >traffic. 
> 
> that's simply not true. The architecture of an ISP router is nothing
> like that of a firewall. It's apples and oranges.

No, it simply is true, generically.  You're talking about specific
implementations of hardware, and I'm talking about concepts.  A
firewall is a router that filters.  Period.  Routers route packets
between two networks.  Do firewalls do this?  Generally, yes.  So they
must be routers.  And their express purpose is to filter packets...

Various implementations of hardware will be designed and optimized for
different tasks.  That doesn't make my statement any less valid.

> HTTP filtering is an application level issue.

It seems to me you're completely missing my point.  If my network is
overloaded, it doesn't matter whether it's with HTTP packets, ICMP
packets, or frobnozz packets.  It's still gonna make things run slow.
The only way to prevent that is to keep the packets that are causing
the problem off my network.  An application-level filter on my network
isn't going to solve squat.

-- 
Derek Martin               ddm at pizzashack.org    
---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org