Subject: Re: SOLVED! The cause of puzzling TCP (eg. WHOIS) connection failures with some InterNIC.net hosts
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 11/22/1998 15:48:43
> Seriously, I've talked to a lot of firewall administrators, at
> commercial sites, educational sites, three letter government agencies
> (even ones that don't exist), and there has been one _unvarying_
> theme. They universally do not understand the protocols they are
> filtering.

If I might offer a dissenting point of view....

I work at two sites that have some degree of firewall filtering in
place. (They have very different filtering policies, but they also
have very different needs.)

At each site, I am partially responsible for the firewall, and probably
could argue the other people into something I felt strongly about
(provided it's for technical reasons, not religious ones). One of the
sites has (for good reason) a deny-by-default policy, and to the extent
that that means filtering protocols we've never heard of, it means
filtering protocols we don't understand. But aside from that, I think
I, at least, understand the IP suite enough to understand what we're
filtering and why. (When I have occasion to look, of course; since I
am secondary admin in each case, I haven't done a full audit of what's
being filtered.)

der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B