> Pekka Savola wrote: > For example, for some services I maintain, I have: > - TCP wrappers configuration in the host/service itself, > using /etc/hosts.allow > - The local host firewall settings, doing similar > restrictions as above > - Missing default route on the host, only some selected > routes used > - The first hop router/firewall settings > - A configuration at the site border router
To beat you with your own argument: all of these things can be easily hacked, therefore there are no reasons to use them. Why are your security precautions this different than localized addresses? It is as easy to hack the hosts.allow than it is to create a tunnel outside. Remember the car lock analogy: your host.allow trick is no better than the typical car lock: a vaguely clued low-level thief will open it in a matter of seconds. And still you use it. Michel. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
