----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
If your firewall is not working, it should not be passing packets.
Yes; your arguments all seem to depend on that property being true. But we call it a *failure* for a reason, Owen. What the probability is of a firewall failing in such a fashion as to *stop filtering, but still pass packets* depends -- as you have pointed out -- entirely on its design. As *I* have pointed out, not all firewalls are created equal, and there are a helluva a lot of them out there for which this desirable property *simply is not true*. Sticking your head in the sand on this point is not especially productive. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274