Router/Firewall Recommendation

Otto Haliburton ottohaliburton at comcast.net
Fri Jun 25 12:00:40 UTC 2004


Quite often the latecomer misses the point.  The bullshit comments were in
response to my comments being called bullshit.  So read the thread and get
the info.  Your comments are well taken, except that a packet has to do more
than after it gets routed to a box.  The most that could happen is that you
get the IP addresses which by the way are 192.... You get the point. What can
you do with them since everybody and their grandma are allowed to have 192
IP addresses.  Top posting to continue the tradition.

> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Steve
> Sent: Friday, June 25, 2004 5:59 AM
> To: General Red Hat Linux discussion list
> Subject: RE: Router/Firewall Recommendation
> 
> On Fri, 25 Jun 2004, Steve wrote:
> 
> >
> > Top posting just to annoy everyone.
> 
> Sorry, just sent that accidentally.. :-)
> 
> Just to add to this.
> 
> One thing to be especially careful of is that while a NAT connection may
> _seem_ secure, in reality it is NOT. There are a LOT of ways to get around
> NAT devices because they act as drop in router boxes, and act as such.
> 
> What does this mean? Well, if you can craft a packet (damn crafty
> packets) and have it hit the internet facing interface of the device then
> the box will surprisingly enough, route the packet to the inside boxes that
> it knows about.
> 
> It is relatively trivial to find out the actual source IP of machines
> behind NAT devices, even more so if you connect to an ISP that allows some
> nifty ICMP type messages.
> 
> Relying on someone else for security is never an option, tho the methods
> you employ to protect yourself are relative to the perceived security of the
> information you are trying to protect.
> 
> Drop in appliances are an easy way out but are not the be-all and end-all
> of security (the NZADSL list has a LOT to say on that point).
> 
> People presume too much of NAT and security is something that should be
> intrinsic to your design, not a plug on addition.
> 
> Please, 'nuf of the insults - Otto, calling opinions sent here "bullshit"
> is not really a professional way of getting your point across (and yes, I
> have been guilty of worse). There are a number of extremely knowledgeable
> people here that offer their advice freely, please - let's not insult each
> other over a simple query.
> 
> 
> --
> Steve.
> 
> PS : I'm still sorta top posting !
> 
> >
> >
> > On Fri, 25 Jun 2004, Otto Haliburton wrote:
> > > This is the final, my answer is not the only answer it is a logical
> > > answer and that is your problem.  If you have more than one computer in
> > > a lan then you are using a router or a hub.  So your network is bound by
> > > a hub, or a router.  If you are using a hub, then you are using one of
> > > your computers as a router.  So you are sitting here talking about a
> > > bunch of bullshit cause you have to be hooked up with one of these
> > > things to have a lan.  If you have a choice of whether to buy a router
> > > or a hub, then you have to make a decision as to what your ISP is going
> > > to do.  A router allows multiple computers to use a single ip address
> > > and since it does address translation it allows you to acquire a
> > > firewall in the process.  You also get another slight advantage and that
> > > is if your isp charges for extra ip address then you don't have to pay
> > > cause you are only using one.  So while you are talking that bullshit I
> > > am totally aware that you are using personally either a router or a hub
> > > if you have more than one computer networked.  So my solution is not the
> > > only solution it is the logical solution.  Why would I waste a perfectly
> > > good computer to do routing when I could use the computing power to do
> > > something else unless I have to.  I personally think that you are out
> > > here trolling, cause if you have computers networked then you are using
> > > one of these hardware devices.