Subject: Re: SOLVED! The cause of puzzling TCP (eg. WHOIS) connection failures with some hosts
To: Henry Miller <>
From: Ken Hornstein <>
List: tech-net
Date: 11/22/1998 00:31:41
>ICMP, and who cannot explain why should be FIRED!  Most of us don't
>administer firewalls for three letter government agencies.  (I don't, but
>marketing tells me that ICMP filtering is a requirement for such people.
>They also understand all of the discussion above)

I have yet to see evidence that either of those statements are true. :-/

Seriously, I've talked to a lot of firewall administrators, at
commercial sites, educational sites, three letter government agencies
(even ones that don't exist), and there has been one _unvarying_
theme.  They universally do not understand the protocols they are
filtering.  If they _did_ understand these protocols, then they
wouldn't be firewall administrators.

The firewalls I've encountered have all been "set it and leave it".
I will fully admit that I have no statistics to back up my claim, just
anecdotal evidence.  I'm convinced of one thing, however: there are
plenty of dumb firewall administrators.  I'm sure there are good ones
out there ... I just haven't met them yet.