On Thu, Feb 10, 2000 at 06:13:56PM -0800, Chris Cappuccio wrote:
Filtering incoming or outgoing ports for anybody's network but your own (not your customer's) is wrong. You know specifically what apps you are running. How can you know what your customer is running or what they want to do?
Filtering my customers to prevent them from sending me packets with source IP addresses other than those they have told me about, or I have assigned to them, is not wrong.
If the customer is aware this is happening or even requests this type of firewall service, that's great. But to filter ports on backbone routers is stupid.
Let's explain it this way: If I were operating a telephone network, I would only allow calls from numbers that I assigned, or my customers ask to be routed to them. Or even this: If I operate a cellular network, I can choose what the source number is on their telephone, and if I want to allow it.

- Jared