Firewall rules

Bob George
Thu Sep 16 13:57:50 UTC 2004

Vernon Schryver wrote:
> [...]
> I cannot follow that approach.  I could be wrong, but I doubt I
> need to worry about "liability concerns" for publishing

IANAL either! Just trying to say that there's a tendency for folks to 
want to blame others when things go wrong. Personally, I'd just avoid 
the issue. It's your call, of course.

> I do not intend to get into the security consultant business or the
> security consultant advertising, referral, or recommending businesses.
> Going into any of those businesses could expose me to real "liability
> concerns."

Exactly. Unless I'm DOING security work, I don't tell folks how to 
implement security.

> I know that telling people "do whatever you do for DNS except for port
> 6277 instead of 53" simply does not work in a large minority and perhaps
> a majority of installations of DCC servers or DCC clients.  I also
> tried describing the DCC traffic and expecting people to figure out
> what they need to do, but found that simply does not work for most people.
> That set of Cisco rules seems to have helped even for many sites that
> have no Cisco equipment.

I realize you're doing them a favor but it IS a hole. But most importantly, 
don't let it distract from the other good work you do.

Just my $.02

- Bob

