 
From: Valdis.Kletnieksvt.edu
Date: Sun Jun 09 2002 - 20:33:31 CDT


    On Sun, 09 Jun 2002 16:18:38 PDT, David Schwartz said:

    > They can't filter port 53/tcp if they are authoritative for any domains.
    > Support for TCP queries is not optional.

    You'd be AMAZED at how many sites don't let a small thing like standards
    stand in the way of doing something stupid - top of my pet peeve list
    most weeks are sites that reject SMTP 'MAIL FROM:<>' and sites that number
    their point-to-point links out of RFC1918 space and then wonder why
    path MTU Discovery breaks when a site that implements proper martian
    filtering tries to talk to them. There's a nice IETF draft about other
    stupidity being seen on the net here:

    http://www.ietf.org/internet-drafts/draft-floyd-tcp-reset-04.txt

    Security implication: Well, if your site insists on advertising its
    rampant cluelessness.... ;)

    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
    

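The path MTU discovery failure mentioned in the message above, as an added example that is not part of the original post: a router whose link address is in RFC1918 space sources its ICMP "fragmentation needed" error from that address, and a receiving site's martian filter drops it before the sender can lower its MTU. The packet builder, the 1500-byte starting MTU and all addresses (documentation ranges plus 10.1.1.2) are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1918 ranges that a border "martian" filter refuses as a source address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_frag_needed(router_ip, host_ip, next_hop_mtu):
    """Constructed IPv4 + ICMP type 3 code 4 packet (checksums left at zero)."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(router_ip).packed,
                     ipaddress.ip_address(host_ip).packed)
    return ip + icmp

def parse_icmp(pkt):
    """Return (source address, next-hop MTU or None if not 'frag needed')."""
    ihl = (pkt[0] & 0x0F) * 4
    src = ipaddress.ip_address(pkt[12:16])
    if pkt[9] != 1 or len(pkt) < ihl + 8:
        return src, None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    return src, mtu if (icmp_type, code) == (3, 4) else None

def is_martian(addr):
    return any(addr in net for net in RFC1918)

def sender_path_mtu(inbound, initial_mtu=1500):
    """Apply the border filter, then let surviving ICMP lower the path MTU."""
    mtu, dropped = initial_mtu, []
    for pkt in inbound:
        src, hop_mtu = parse_icmp(pkt)
        if is_martian(src):
            dropped.append(str(src))   # the sender never sees this ICMP error
        elif hop_mtu is not None:
            mtu = min(mtu, hop_mtu)
    return mtu, dropped

if __name__ == "__main__":
    # Constructed sample: the same 1400-byte hop, reported from two router addresses.
    for router in ("192.0.2.1", "10.1.1.2"):
        pkt = build_frag_needed(router, "198.51.100.7", 1400)
        print(router, sender_path_mtu([pkt]))
```

With the publicly numbered router the sender's MTU drops to 1400; with the RFC1918-numbered router it stays at 1500 and large packets keep being discarded at the narrow hop.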