> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Richard Pickett
> Sent: Tuesday, December 27, 2005 11:49 AM
> To: 'netfilter'
> Subject: RE: DROP TCP output to HTTP attackers?
>
> > My only comment would be that for proxy users (AOL, for instance) you
> > may end up dropping legitimate traffic. The risk/reward of that is
> > something you'll have to determine for yourself.
>
> My logic is like this, if AOL polices its outbound traffic the way we
> police our inbound traffic AOL wouldn't ever send us illegal packets.
>
> Oh, they've got these big ads on TV about how they are so safe etc. I'm
> sure by now my systems have all their public IPs blocked.
>
> An additional thought is friends don't let friends do AOL. If they want
> to use the service they have to accept the lameness that comes along
> with it.
>
> AOL has obviously compromised on security. Why should we compromise on
> security with them?
>

I agree with you. However, my small web site serves a function
for a group of people, some of whom are, >and will remain<,
completely computer illiterate.

In view of my observations mentioned in another e-mail,
perhaps I should analyze packets after, perhaps, an hour of
silence.

Mike.
--
Michael D. Berger
m.d.berger@xxxxxxxx