[LINK] Streaming TV Tests
saliya at hinet.net.au
Fri Mar 30 15:03:21 EST 2007
On Fri, Mar 30, 2007 at 01:23:34PM +1000, Craig Sanders wrote:
> On Fri, Mar 30, 2007 at 09:41:22AM +1000, Howard Lowndes wrote:
> > Craig Sanders wrote:
> > >many protocols and services are udp - including DNS lookups. only an
> > >idiot would block all UDP packets.
> > Same way that only an idiot would block ICMP, but it happens...
> it would be noticed a lot quicker because they'd be blocking dns, so nothing
> would work.
> blocking ICMP is just as broken, but not as *obviously* broken.
I'm sure that everyone knows this; but in today's day and age protocol/port
blocks/drops are a reality and are in many cases a Good Thing.
Blanket blocking of any protocol can be viewed as a little silly;
but saying 'blocking ICMP is broken' just ain't so. Not too many
people need ICMP type 13, for example.
Blocking things-that-need-to-be-allowed is broken.
Allowing things-that-need-to-be-blocked is broken.
> craig sanders <cas at taz.net.au>
> "The intelligent beings in these regions should therefore not be surprised
> if they observe that their locality in the universe satisfies the conditions
> that are necessary for their existence. It is a bit like a rich person
> living in a wealthy neighborhood not seeing any poverty."
> [Stephen Hawking]
> Link mailing list
> Link at mailman.anu.edu.au
More information about the Link