From mboxrd@z Thu Jan 1 00:00:00 1970
From: K
Subject: Re: Hairpin NAT - possible without packet marking?
Date: Tue, 04 Jul 2017 07:48:36 +0200
Message-ID:
References: <1363a246-966e-59fc-7d5a-efaf12aa6b51@dynator.no> <4c60ba2e-3e52-f55d-96e1-699c7821940d@pobox.com> <6773e78c-f0e6-508d-0a72-d5880705756d@pobox.com> <1402388a-fb32-d7af-bc3a-6f25b8a2f47a@pobox.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 8BIT
Return-path:
In-Reply-To: <1402388a-fb32-d7af-bc3a-6f25b8a2f47a@pobox.com>
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="us-ascii"
To: "netfilter@vger.kernel.org"

What do all the locks in the world help when you invite the burglar in for tea?

In other words: most IT departments have the incoming traffic pinned down as you described, but a single executable disguised as a clip of a cute kitty, downloaded and executed by any employee, is what nowadays forms the real threat.

On July 4, 2017 3:14:59 AM GMT+02:00, Robert White wrote:
> They had people sharing segments of their hard drives. Pooled servers with just
> ludicrously broad write policies, printers, store and forward scanners,
> all the normal stupid things that let business function. And you know
> what, it's well they should. Security that becomes a denial of service
> attack on the corporation's innards just encourages misuse.