

carp
Rejected

join:2002-10-30
reply to tomkb

Re: Router ACL question

Change last ACL statement to permit tcp any any established.

Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4
This is bad advice—and a VERY poor substitute for a modern firewall.


carp
Rejected

join:2002-10-30
said by Bink:

This is bad advice—and a VERY poor substitute for a modern firewall.
Not if he only wanted to allow traffic back in that is in response to traffic initiated inside. Inspect makes sure those allowed back in were not messed with. Depends on the level of protection desired and the risks you've accepted. Sometimes advanced protection will break things. So it's not as black and white as it's often portrayed.

Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4
1 edit
It is black and white. This is akin to using firewall technology from the 1980s—and there are significant security flaws with this as all it does is look for the ACK or RST bits on a packet.

For example, while telnet and FTP work fine—it is well known they use clear text passwords. As such, I would never suggest they get used where security is a concern—and, in this case, you are suggesting someone use a known insecure method to secure his FIREWALL/network. Since a modern method of security and traffic inspection is readily available to him/built into his device, again, this is bad advice.