Router/Firewall Recommendation

Otto Haliburton ottohaliburton at comcast.net
Thu Jun 24 07:44:53 UTC 2004



> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rodolfo J. Paiz
> Sent: Thursday, June 24, 2004 2:23 AM
> To: General Red Hat Linux discussion list
> Subject: RE: Router/Firewall Recommendation
> 
> At 12:34 AM 6/24/2004, Otto Haliburton wrote:
> >Well, I guess the theory behind NAT is really simple and penetration is very
> >simple then, but I don't think so.  The first level is penetrated
> >automatically is a way of saying 'defeat the OS and you're in the world' and
> >that ain't no bullshit cause that is exactly what happens when you are
> >hacked.  You don't try to penetrate the defense, you penetrate the OS then
> >shutdown the defense, get it.  With the little blue box as you call it. If
> >it fails then the network is lost period because all ip's are lost.
> 
> Apples and oranges, hence irrelevant. No relation between hacking a box and
> the box failing.
> 
>          1. The LBB has an OS as well (see the Linksys WRT54G router, it
> runs Linux!), and even the ones in firmware have OS-level capabilities for
> what they do. So both the LBB and the Linux box *can* be hacked. Whether A
> or B has or has not *yet* been hacked is another argument, but claiming
> that one is perfect and the other is awful is just unreasonable no matter
> which side of the argument you prefer.
> 
>          2. You said that "if the little blue box [...] fails" and
> explained that the boxes behind it are now secure since they are now cut
> off from the world. Well, no shit, Sherlock! OF COURSE if the box fails
> then everyone behind it is cut off and is thus "secure". If *any* router or
> firewall fails then the same thing happens. But we're talking about
> vulnerabilities, not failure. Your point has no value.
> 
> >Routers are not perfect but they are a cheap nearly perfect
> >solution.
> 
> Weren't you saying just two messages ago that routers have problems, that
> they're "very vulnerable", etc.? Now it's just *your* favorite routers that
> are "a cheap nearly perfect solution"? I call bullshit... again, and for
> about the fifth time I think.
> 
> >I don't like being called wrong and I am generally not, it takes all
> >of 15 minutes to get excellent security, vs 20 months of building security.
> 
> Oh, gee, now isn't *that* humble. Take your ego out of the equation and
> look at the nice, extreme things you are saying. Try to prove one or any of
> them, and argue them consistently and without mixing issues. See how far
> you get then.
> 
> I'm done. Anyone reading this thread (including you) who has enough sense
> to come in out of the rain should see the arguments on both sides and have
> made up their mind by now. I need some sleep, and I'm leaving on a trip for
> three days so I'll be offline.
> 
> Enjoy your LBB, as will some of my customers since they are nice little
> boxes. Others will enjoy their Linux boxes. And enjoy your hubris while it
> lasts.
> 
> 
> --
> Rodolfo J. Paiz
> rpaiz at simpaticus.com
> http://www.simpaticus.com
> 
You have a tendency to exaggerate.  Remember moderation is the key to
happiness!!!!
