--===============0913683839==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=-ATuzTJ1lhhqHNVrJ9PwO"


--=-ATuzTJ1lhhqHNVrJ9PwO
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2006-06-20 at 13:49 +0530, Devdas Bhagat wrote:
> Bleh. Filtering out nameservers is one way of using a proxy to block
> traffic. You do run your own recursive resolvers anyway, right?


I do, but that was not the point. (see other email to Paul).

> This isn't a bandaid. Oh, and if you really want to stop the problem,
> why not just prevent the installation of the software in the first
> place?


Sometimes you don't have control over the computing environment when
people bring in their one devices (laptops etc). Your only option is to
block where you can, on your networking infrastructure. That's the case
in a surprisingly large number of shops, being it Universities or
Hospitals.=20

(no, please no "prevent unauthorized devices to the network" debates.)

> Firewalls _are_ bandaids. If software was written correctly, you
> wouldn't need them in the first place.


It's not about software, it's about traffic flow.

> My question would be, why aren't you running your own recursive resolver
> in the first place? Why are your clients directly talking to the world?


Again, not the point, and I'm familiar with Marcus rants about proxies.
I'm well aware about myriad of ways to tunnel out. Again, not the point.
The point was the lame response by an authority. (see email to Paul)

Cheers,
Frank

--=20
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.


--=-ATuzTJ1lhhqHNVrJ9PwO
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQBEmDukGr6G9pK6fXURAoAGAKCarecS+HkP8yBVVEMnhx mDUKlmiwCgt7nJ
VQZvaES7MI2v1lpHMk6DNpk=
=v7nv
-----END PGP SIGNATURE-----

--=-ATuzTJ1lhhqHNVrJ9PwO--


--===============0913683839==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============0913683839==--