Re: I-D Publication Request: draft-ietf-netconf-soap-05.txt

[Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>]

On Mon, Jul 11, 2005 at 11:02:04AM -0600, Ted Goddard wrote:

> Why can't the firewall simply drop all requests to the NETCONF URL
> if the origin of those requests is on a list of attackers?  This seems
> more expensive to process (string comparison vs integer comparison)
> but not fundamentally less secure.

I think Ira was pointing to my Linux kernel which is pretty good in 
filtering packets based on port numbers but rather bad in filtering 
SOAP requests by URL or something like that.

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>