[unisog] Are cisco router VLAN ACL's stateful like a PIX?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Feb 2 16:28:45 GMT 2005


On Wed, 02 Feb 2005 21:25:28 +1300, Russell Fulton said:

> Agreed, at the border, but we were talking about blocks within the
> network (on the backbone interfaces of our sector switches) and between
> vlans.  We have had 137 and friends blocked at the border since we
> joined the Internet in 1989.

Can anybody at your site explain why a machine on the other side of campus
is considered more trustworthy than one on another continent?

The usual reason given is some variant on "because if they hack into me, I know
where to find them and beat the snot out of them".  This in fact works if
you're discussing an attack launched at the user's request.  However, when the
machine on the other side of campus is attacking you at the behest of somebody
on another continent, it breaks down a bit.  
