From: Gregory Maxwell <greg@linuxpower.cx>
To: Dominik Kubla <dominik.kubla@uni-mainz.de>,
James Sutherland <jas88@cam.ac.uk>,
David Schwartz <davids@webmaster.com>,
Jamie Lokier <lk@tantalophile.demon.co.uk>,
linux-kernel@vger.kernel.org
Subject: [OT] Re: hotmail not dealing with ECN
Date: Sat, 27 Jan 2001 23:35:43 -0500 [thread overview]
Message-ID: <20010127233543.D7467@xi.linuxpower.cx> (raw)
In-Reply-To: <NCBBLIEPOCNJOAEKBEAKCECMNFAA.davids@webmaster.com> <Pine.SOL.4.21.0101272308030.701-100000@green.csi.cam.ac.uk> <20010127191159.B7467@xi.linuxpower.cx> <20010128021025.D800@uni-mainz.de>
In-Reply-To: <20010128021025.D800@uni-mainz.de>; from dominik.kubla@uni-mainz.de on Sun, Jan 28, 2001 at 02:10:25AM +0100
On Sun, Jan 28, 2001 at 02:10:25AM +0100, Dominik Kubla wrote:
> On Sat, Jan 27, 2001 at 07:11:59PM -0500, Gregory Maxwell wrote:
> > It's this kind of ignorance that makes the internet a less secure and stable
> > place.
>
> You have obviously absolutely no idea what you are talking about. Period.
Your following comments show exactly who is has no idea of what he is
talking about. Period.
> > The network should not be a stateful device. If you need stateful
> > firewalling the only place it should be implimented is on the end node. If
> > management of that is a problem, then make an interface solve that problem
> > insted of breaking the damn network.
>
> So how do you propose to secure devices like MRT's or X-Ray scanners or
> life-support in a hospital? Nowadays this equipment is hooked to the
> internal network of the hospital and protected by really paranoid
> firewalls. Do you really want unneeded software on those devices?
Oh yes! This provides you with virtually zero extra security.
Now someone in the next room, perhaps the lobby, is free to attack the
system... Which probably has very little extra security and trusts the
network (after all, it's firewall protected).
An attack against an Xray system is much more likely to come from inside the
companies network.
The only way to have firewall protection against even a simple majority of
attacks is to implement a firewall per system. That would be expensive, and
wasteful, so it makes a lot more sense to implement a firewall IN every
system. Such a thing can be done at zero expense with practically no
performance loss and not break the end-to-end model of the Internet.
But such a simple solution would totally invalidate the use for most
security 'experts' and their products.
Firewalling is commodity. Cope. It's much more useful to push it to the
end-node where it belongs. But look where security companies make their
money.... The most common business affecting security violations are
internal. Yes, many security companies are making most of their money
selling expensive and pointless network profalatics. Why? For firewalling to
be affordable on every system, it has to be free. Thats not profitable for
security companies which is why you never hear it suggested, even though it
actually can defend against the most common threats.
The very fact that you bring up medical systems and suggest that I purposed
leaving them unsecured shows that your only avenue for discussion was
hysteria.
> Or what about the computer systems in nuclear powerplants? In air defense
> systems? Power grids? Water supply?
> Oh come on! Just reread some of the newspapers back from Dec 31 1999!
Mythology and hysteria. The same things that promotes the propagation of
network degrading central firewalls.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-01-28 4:36 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-25 5:43 hotmail not dealing with ECN Jeremy Hansen
2001-01-25 7:37 ` Juri Haberland
2001-01-25 9:06 ` David S. Miller
2001-01-26 1:12 ` Lincoln Dale
2001-01-25 23:31 ` H. Peter Anvin
2001-01-26 1:30 ` David S. Miller
2001-01-26 1:38 ` H. Peter Anvin
2001-01-26 1:43 ` David S. Miller
2001-01-26 1:49 ` H. Peter Anvin
2001-01-26 2:10 ` David S. Miller
2001-01-26 2:15 ` H. Peter Anvin
2001-01-26 8:54 ` Helge Hafting
2001-01-26 18:04 ` Rick Jones
2001-01-27 7:11 ` Rusty Russell
2001-01-31 10:56 ` Alan Cox
2001-01-27 4:10 ` David Wagner
2001-01-27 4:59 ` Brian May
2001-01-27 18:18 ` Frank v Waveren
2001-01-27 19:20 ` Gregory Maxwell
2001-01-27 19:22 ` Frank v Waveren
2001-01-27 19:58 ` Jamie Lokier
2001-01-27 20:14 ` Gregory Maxwell
2001-01-27 22:18 ` David Schwartz
2001-01-27 23:09 ` James Sutherland
2001-01-28 0:11 ` Gregory Maxwell
2001-01-28 1:10 ` Dominik Kubla
2001-01-28 4:35 ` Gregory Maxwell [this message]
2001-01-28 12:57 ` [OT] " Dominik Kubla
2001-01-28 15:45 ` Michael H. Warfield
2001-01-28 19:30 ` Gregory Maxwell
2001-01-28 22:16 ` Dominik Kubla
2001-01-28 8:48 ` James Sutherland
2001-01-28 0:06 ` Gregory Maxwell
2001-01-28 3:27 ` David Schwartz
2001-01-28 0:58 ` David Lang
2001-01-26 2:24 ` Johannes Erdfelt
2001-01-26 3:03 ` Brian May
2001-01-26 5:06 ` Jeremy M. Dolan
2001-01-26 14:04 ` Florian Weimer
2001-01-27 10:00 ` Rogier Wolff
2001-01-31 10:46 ` Alan Cox
2001-01-26 10:37 ` Matti Aarnio
2001-01-26 11:32 ` David S. Miller
2001-01-26 11:40 ` James Sutherland
2001-01-26 11:44 ` Lars Marowsky-Bree
2001-01-26 13:44 ` James Sutherland
2001-01-26 14:44 ` Lars Marowsky-Bree
2001-01-26 15:03 ` Jamie Lokier
2001-01-26 15:14 ` David S. Miller
2001-01-26 15:24 ` Jamie Lokier
2001-01-26 17:05 ` ECN Simon Kirby
2001-01-26 18:12 ` ECN Andrea Arcangeli
2001-01-26 15:16 ` hotmail not dealing with ECN Dominik Kubla
2001-01-26 15:27 ` Jamie Lokier
2001-01-26 22:26 ` Dominik Kubla
2001-01-26 22:30 ` H. Peter Anvin
2001-01-26 15:35 ` Marian Jancar
2001-01-26 16:28 ` H. Peter Anvin
2001-01-28 1:59 ` Dax Kelson
2001-01-28 16:51 ` Jamie Lokier
2001-01-26 23:47 ` ECN -? Anything _I_ need to do to allow it? List User
2001-01-27 9:58 ` Matti Aarnio
2001-01-26 11:50 ` hotmail not dealing with ECN David S. Miller
2001-01-26 13:52 ` James Sutherland
2001-01-26 13:54 ` David S. Miller
2001-01-26 14:12 ` Jamie Lokier
2001-01-26 15:08 ` James Sutherland
2001-01-26 15:13 ` Lars Marowsky-Bree
2001-01-26 15:29 ` James Sutherland
2001-01-26 15:55 ` Chris Ricker
2001-01-26 18:37 ` Henning P. Schmiedehausen
2001-01-26 19:17 ` Matti Aarnio
2001-01-26 19:55 ` Jeremy M. Dolan
2001-01-26 15:34 ` Jamie Lokier
2001-01-26 17:37 ` Drago Goricanec
2001-01-26 14:11 ` Jamie Lokier
2001-01-26 18:19 ` Olaf Titz
2001-01-26 14:10 ` Jamie Lokier
2001-01-26 14:39 ` David S. Miller
2001-01-26 14:46 ` Lars Marowsky-Bree
2001-01-26 14:50 ` David S. Miller
2001-01-26 14:57 ` Jamie Lokier
2001-01-27 0:18 ` Thunder from the hill
2001-01-27 0:15 ` Thunder from the hill
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010127233543.D7467@xi.linuxpower.cx \
--to=greg@linuxpower.cx \
--cc=davids@webmaster.com \
--cc=dominik.kubla@uni-mainz.de \
--cc=jas88@cam.ac.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=lk@tantalophile.demon.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox