> My only comment would be that for proxy users (AOL, for instance) you > may end up dropping legitimate traffic. The risk/reward of that is > something you'll have to determine for yourself. My logic is like this, if AOL polices it's outbound traffic the way we police our inbound traffic AOL wouldn't ever send us illegal packets. Oh, they've got these big adds on TV about how they are so safe etc. I'm sure by now my systems have all their public IPs blocked. An additional thought is friends don't let friends do AOL. If they want to use the service they have to accept the lameness that comes along with it. AOL has obviously compromised on security. Why should we compromise on security with them?
