Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!caen!spool.mu.edu!uunet!seismo!dimacs.rutgers.edu!aramis.rutgers.edu!paul.rutgers.edu!njin!princeton!newross!samadams!tr
From: tr@samadams.princeton.edu (Tom Reingold)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: well-behaved firewalls
Message-ID:
Date: 26 Jun 91 21:51:03 GMT
References: <1991Jun25.003609.22406@pa.dec.com>
Sender: news@newross.Princeton.EDU (USENET News System)
Organization: Princeton University, Dept. of Computer Science
Lines: 41

mogul@pa.dec.com (Jeffrey Mogul) writes:

$ The system I implemented (see my paper in Proc. 1989 Summer USENIX
$ Conf.) currently sends "Host Unreachable" packets, but only in
$ those cases specified in the filtering rules. E.g., the manager
$ of the gateway can say:
$
$     from any to any tcp port telnet reject notify;
$     from any to any tcp port finger reject;
$
$ This means that telnet users will get notification via ICMP, and finger users
$ will see their connections time out. (This is a contrived example; in
$ real life, we tend to send notifications except in cases where nobody
$ is likely to be listening and the traffic rate could be high.)
$
$ In my implementation, the choice of ICMP type+code is wired into the kernel.
$ Given that I allow fine-grained choice of when to send an ICMP, it might
$ also be reasonable to add fine-grained choice of which ICMP code to send.
$ However, we've been running this way for more than 2 years without any
$ problems. [This code is now shipping with Ultrix (release 4.2) so if I
$ made the wrong choice, I guess I'll hear about it.]

Forgive me if I am mentioning something that has been discussed here
before...

Is this sort of approach a "good idea"? It has become common, with
different methods of implementation. Would it not make more sense to
take the burden of security away from networks and put it on hosts?

To me, it seems that firewalls like these are analogous to roadblocks on
highways that are placed there because a criminal MIGHT be using the
road to commit a crime. I prefer to be presumed innocent and I like
having a road that is free for both me and the criminals. I prefer banks
putting up heavy locks to prevent robberies over roadblocks on roads.

What do network experts feel about this?
--
Tom Reingold
tr@samadams.princeton.edu OR ...!princeton!samadams!tr
"Warning: Do not drive with Auto-Shade in place. Remove from windshield
before starting ignition."
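The two rule lines quoted from Mogul illustrate a distinction that is easy to miss when reading firewall policy: "reject" with "notify" answers the blocked client with an ICMP Destination Unreachable (the post says Host Unreachable, i.e. type 3, code 1) so the client fails fast, while a plain "reject" silently discards the packet and the client sits in its connect timeout. The following is an added example, not Mogul's Ultrix code and not part of this thread; it is a small evaluator for that rule syntax. The grammar (from/to, optional "port", an "accept" or "reject" action, optional "notify"), the service-name table, the first-match semantics and the accept-by-default policy for unmatched packets are all assumptions made here, not facts stated in the post.

```python
"""Toy evaluator for the 'from ... to ... reject [notify]' rule syntax.

Assumed grammar (not Mogul's actual implementation):
    from <src|any> to <dst|any> <tcp|udp> [port <service|number>] <accept|reject> [notify]
First matching rule wins; a packet matching no rule is accepted (assumed default).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed service-name table, standing in for /etc/services.
SERVICES = {"telnet": 23, "finger": 79, "smtp": 25}

# ICMP type 3 (Destination Unreachable), code 1 (Host Unreachable),
# the message the post says the gateway sends for 'reject notify'.
ICMP_HOST_UNREACH: Tuple[int, int] = (3, 1)


@dataclass(frozen=True)
class Rule:
    src: str            # "any" or an IPv4 address string
    dst: str
    proto: str          # "tcp" or "udp"
    port: Optional[int]  # None means any destination port
    action: str         # "accept" or "reject"
    notify: bool        # on reject, send ICMP Host Unreachable?


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def parse_rule(text: str) -> Rule:
    """Parse one rule line (trailing ';' optional) into a Rule."""
    toks = text.strip().rstrip(";").split()
    if len(toks) < 6 or toks[0] != "from" or toks[2] != "to":
        raise ValueError(f"malformed rule: {text!r}")
    src, dst, proto = toks[1], toks[3], toks[4]
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol in rule: {text!r}")
    i, port = 5, None
    if toks[i] == "port":
        svc = toks[i + 1]
        port = int(svc) if svc.isdigit() else SERVICES[svc]
        i += 2
    action = toks[i]
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in rule: {text!r}")
    notify = len(toks) > i + 1 and toks[i + 1] == "notify"
    return Rule(src, dst, proto, port, action, notify)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and rule.proto == pkt.proto
            and (rule.port is None or rule.port == pkt.dport))


def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[Tuple[int, int]]]:
    """Return (verdict, icmp): verdict is "accept" or "drop"; icmp is the
    (type, code) to send back to the source, or None for a silent drop."""
    for rule in rules:
        if matches(rule, pkt):
            if rule.action == "accept":
                return ("accept", None)
            return ("drop", ICMP_HOST_UNREACH if rule.notify else None)
    return ("accept", None)  # assumed default policy for unmatched traffic


def client_experience(verdict: Tuple[str, Optional[Tuple[int, int]]]) -> str:
    """What the user at the blocked host sees, per the behaviour the post describes."""
    action, icmp = verdict
    if action == "accept":
        return "connection proceeds"
    if icmp is not None:
        return "immediate error (ICMP Host Unreachable)"
    return "connection times out"


if __name__ == "__main__":
    policy = [parse_rule("from any to any tcp port telnet reject notify;"),
              parse_rule("from any to any tcp port finger reject;")]
    # Constructed sample traffic: a telnet, a finger and an smtp connection attempt.
    for dport in (23, 79, 25):
        pkt = Packet("192.0.2.10", "198.51.100.5", "tcp", dport)
        print(dport, client_experience(decide(policy, pkt)))
```

Running the block prints the three outcomes the post describes: telnet gets an immediate ICMP error, finger times out, and unmatched smtp traffic passes. The "notify" flag is the knob for the trade-off Mogul mentions: an ICMP reply per rejected packet is cheap for a human-driven telnet attempt but can amplify load on a high-rate flow where nobody is waiting for the answer.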