[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF related crash? (fwd)



Jason Dixon wrote:
On Sun, 2003-02-23 at 11:14, Henning Brauer wrote:

On Sun, Feb 23, 2003 at 10:20:05AM -0500, Jason Dixon wrote:

On Fri, 21 Feb 2003, Glen MacAfee wrote:

IPsExt = "xx.xx.xx.0/24"

First, please always filter out real address information on public lists.

this is the worst advice I've seen in the last few hours.


At the risk of publicly embarrassing myself, WHY?  Why in the hell would
you want people knowing your IP information... particularly on such a
poorly configured (effectively NO) firewall?

Henning, I really respect you, so I'm really confused as to your terse
and enigmatic response.

What Henning is probably getting at is the sheer effectiveness of obfuscating information on a support list. Chances are you could determine IP information anyways, if from nothing else than looking at the header for the IP of the sending mail relay. Obfuscating data makes it difficult to see into the problem. Giving the pertinent information saves the list members from having to send more mail asking for details. If you are in the habit of obfuscating data on other lists (see also "security through obscurity"), you're going to waste a lot of peoples' time. Reasons to do so are in such cases where (as in a firewall issue) you are asking ppl to critique your config or tell you why something doesn't work. If we can see the real address info, and understand the subnet design and what interface is on what network and what the rules apply to, its much easier.


I understand your point about the misconfigured firewall and not wanting ppl to know how to reach you, but the majority of the time, do everyone a favor and give the unfettered, full, needed info in your help request.

My $0.02.

DS