Re: Dynamic routing on firewalls.
Just because a cat has kittens in the oven, you don't call them biscuits. A firewall can route, but it is not a router. Both have specialized tasks. You can fix a car with a swiss army knife, but why would you want to? -- Bill Thompson bi...@mahagonny.com On February 5, 2015 7:19:43 PM PST, Jeff McAdams je...@iglou.com wrote: On Thu, February 5, 2015 20:02, Joe Hamelin wrote: On Feb 5, 2015, at 2:49 PM, Ralph J.Mayer rma...@nerd-residenz.de wrote: a router is a router and a firewall is a firewall. Especially a Cisco ASA is no router, period. Man-o-man did I find that out when we had to renumber our network after we got bought by the French. Oh, I'll just pop on a secondary address on this interface... What? Needed to go through fits just to get a hairpin route in the thing. The ASA series is good at what it does, just don't plan on it acting like router IOS. Sorry, but I'm with Owen. Square : Rectangle :: Firewall : Router A firewall is a router, despite how much so many security folk try to deny it. And firewalls that seem to try to intentionally be crappy routers (ie, ASAs) have no place in my network. If it can't be a decent router, then its going to suck as a firewall too, because a firewall has to be able to play nice with the rest of the network, and if they can't do that, then I have no use for them. I'll get a firewall that does.
Re: dns interceptors
On Fri, 12 Feb 2010 17:32:33 -0500 Jared Mauch ja...@puck.nether.net wrote: On Feb 12, 2010, at 5:15 PM, Randy Bush wrote: i just lost ten minutes debugging what i thought was a server problem which turned out to be a dns trapper on the wireless in the changi sats lounge. this is not the first time i have been caught by this. what are other roaming folk doing about this? randy I typically VPN out of broken networks whenever possible. Operate a VPN/PPTP/IPSEC/squid-proxy/ssh on tcp/80/443 to work around the issues. - Jared Yep, this is what I do as well. It's a little disappointing that you have to tunnel into a trusted network in order to prevent shenanigans like that, but it seems to be the way things are. -- Bill Thompson bi...@mahagonny.com signature.asc Description: PGP signature
Re: A new twist in email scams?
On Fri, 6 Mar 2009 20:36:47 -0500 Joe Blanchard jbfixu...@gmail.com wrote: Sorry if I've missed some notes regarding this in previous threads, been off the air for a bit. A new twist on scamming email? A) I don't think this really belongs on NANOG, but I don't want to leave you hanging. B) He is going to send you a check for over the amount of money you agreed on and then ask you to wire the overage back to him minus a small amount For your trouble. Google Overpayment Scam. Good Luck, -- Bill Thompson bi...@mahagonny.com signature.asc Description: PGP signature