At Thu, 07 Aug 2003 14:25:18 +1000, Andrew White wrote:
> Keith Moore wrote:
>
> > it's far easier to filter global addresses than to filter local ones.
>
> *boggle* Am I the only one that finds this claim nonsensical?

I wouldn't phrase it as Keith did, but I think that I end up in the same place: it's easier to filter just global addresses than it is to filter both global and local addresses, particularly when there are so many inventive ways of combining different kinds of addresses to make still more addresses (eg, 6to4 + rfc 1918).

Oh, you thought I -trusted- hosts with several thousand executable programs on them running who knows what to get this stuff right? Heck, I filter the NFS ports on boxes that have NFS disabled at compile time.

Never trust any machine more complicated than a spoon.

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
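
The "6to4 + rfc 1918" combination mentioned in the message above, as an added example that is not part of the original post: a classifier that unpacks the IPv4 address embedded in a 6to4 (2002::/16) address and checks it against RFC 1918, which is the extra case a filter must handle once local addresses are in play. The function names, labels and sample addresses are constructed for illustration; fec0::/10 (IPv6 site-local) is assumed to be the "local" range under discussion.

```python
import ipaddress

# Assumption: "local" in the thread refers to IPv6 site-local, fec0::/10.
SITE_LOCAL = ipaddress.ip_network("fec0::/10")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(v4):
    """True if the IPv4 address falls in one of the RFC 1918 private blocks."""
    return any(v4 in net for net in RFC1918)


def classify(text):
    """Return a label (hypothetical names) that a filter rule could act on."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return "rfc1918" if is_rfc1918(addr) else "global-v4"
    # 6to4 addresses carry an IPv4 address in bits 16..47 of 2002::/16.
    embedded = addr.sixtofour  # IPv4Address for 2002::/16, otherwise None
    if embedded is not None:
        # A syntactically global prefix can still wrap a private IPv4 address.
        return "6to4-rfc1918" if is_rfc1918(embedded) else "6to4-global"
    if addr.is_link_local:
        return "link-local"
    if addr in SITE_LOCAL:
        return "site-local"
    return "global-v6"  # everything else is treated as global here


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    for sample in ("2002:c0a8:101::1", "2002:808:808::1", "fec0::1",
                   "fe80::1", "10.1.2.3", "2001:db8::1"):
        print(f"{sample:20} {classify(sample)}")
```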
