On Jan 6, 2011, at 1:02 AM, TJ wrote:
if you are permitting external hosts the ability to scan your internal network in an unrestricted fashion
DCN aside, how precisely does one define 'internal network' in, say, the context of the production network of a broadband access SP, or hosting/colocation/VPS/IaaS SP? Surely you aren't advocating wedging stateful firewalls into broadband access networks or in front of servers, with all the DoS chokepoint breakage that implies? ------------------------------------------------------------------------ Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay