begin quoting Tracy R Reed as of Mon, Mar 27, 2006 at 10:23:16AM -0800: > Stewart Stremler wrote: > > FTP is a protocol that's not easily testable with a telnet client. > > Neither is ntp, nfs, rdp, X, or a zillion others. Being easily testable > with telnet just means the protocol is trivial.
Um, no. "Easily testable with telne" != "trivial". But that's beside the point. FTP *could* have been... the other big file-transfer protocol out there these days _is_ testable with telnet. > > You like default-allow security policies then? > > No, I like default-deny. That has nothing to do with NAT though. NAT enforces a default-deny policy. It has some other limitations, which is where most anti-NAT folks scream and shout... but if you hit those limitations, you really need to move up to proxy firewalls. Which, oddly enough, look like NAT to the outside world... all users behind it generally share one IP. -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
