- Newsgroups: comp.protocols.tcp-ip
- Path: sparky!uunet!sci34hub!gary
- From: gary@sci34hub.sci.com (Gary Heston)
- Subject: Firewall usage (was: Re: ping works, but ftp/telnet get "no route)
- Message-ID: <1992Jul23.142026.20112@sci34hub.sci.com>
- Reply-To: gary@sci34hub.sci.com (Gary Heston)
- Organization: SCI Systems, Inc., Huntsville, Al.
- References: <BrruC8.FEo@spock.dis.cccd.edu> <BrsM1C.36v@cs.columbia.edu>
- Date: Thu, 23 Jul 1992 14:20:26 GMT
- Lines: 43
-
- In article <BrsM1C.36v@cs.columbia.edu> ji@cs.columbia.edu (John Ioannidis) writes:
- >In article <BrruC8.FEo@spock.dis.cccd.edu> markb@spock.dis.cccd.edu (Mark Bixby) writes:
- >>Why would I be able to ping a site OK, but when I try to ftp or telnet to it
- >>I receive a "no route to host" error? ....
-
- >The site you are trying to ping is running a firewall gateway, because
- >they're too lazy to beef up their host security and are relying on the
- >firewall to protect themselves against external attacks.
-
- I have to take exception to this remark. Use of a firewall doesn't indicate
- laziness on the part of a site; it most probably means that the persons
- responsible for the Internet connection and security of the site's net are
- either too understaffed to maintain all the hosts on their site, or they
- don't have control over all the hosts, and are therefore not able to make
- them secure. And there are doubtless many sites that suffer from both
- problems.
-
- >I wish I had a transcript of Dave Clark's talk at the IETF last week.
- >He said some great things about firewall gateways and mailbridges, and
- >how they've essentially destroyed the whole purpose of having an IP
- >internet, and have forced a lot of us to use mail as a transport-level
- >protocol.
-
- Yeah, I'd probably enjoy reading it myself. Unfortunately, with the explosive
- growth of the net, it's no longer an approximation of an ideal world. In
- an ideal world, we wouldn't need locks on our doors, keyswitches in our
- cars, or firewalls on our nets.
-
- There are other considerations, too; accounting for net traffic (it does
- cost someone money somewhere down the line), maintaining security of
- proprietary, sensitive, confidential, or classified information, and
- insuring that resources are used for the intended purpose by the people
- they're provided for.
-
- Flaming admins as being "lazy" because a firewall is in place is *way*
- out of line.
-
-
- --
- Gary Heston SCI Systems, Inc. gary@sci34hub.sci.com site admin
- The Chairman of the Board and the CFO speak for SCI. I'm neither.
- "Always remember, that someone, somewhere, is making a product that will
- make your product obsolete." Georges Doriot, founder of American R & D.
-