On Wed, Feb 06, 2002 at 10:29:53AM -0600, Kopp, Jeffery wrote:
> Subject: Please add me to the kernel change distribution list
> Date: Wed, 6 Feb 2002 10:29:53 -0600
> From: "Kopp, Jeffery" <[email protected]>
> To: <[email protected]>
Can't. COMPAQ is one of those companies which have covered their
incoming email systems with firewalls rejecting connections with IP-
header option bits that were "reserved, set to zero when sending" for
first about 20 years, but which now got other specification.
(The firewall makers made an error and tought it to mean: "reserved,
must forever be zero".)
See: http://vger.kernel.org/ for pointers to info.
You can initiate a connection towards vger, but vger can't initiate
a connection towards you!
I repeat: At present you CAN NOT receive email from vger.kernel.org.
/Matti Aarnio
On Wed, 6 Feb 2002, Matti Aarnio wrote:
> On Wed, Feb 06, 2002 at 10:29:53AM -0600, Kopp, Jeffery wrote:
> Can't. COMPAQ is one of those companies which have covered their
> incoming email systems with firewalls rejecting connections with IP-
> header option bits that were "reserved, set to zero when sending" for
> first about 20 years, but which now got other specification.
> (The firewall makers made an error and tought it to mean: "reserved,
> must forever be zero".)
to me more precise, the new specification is now an official draft, still
subject to possible revision, but the folks running vger have decided they
want to force the internet to accept it in it's current form so enabled
this feature.
David Lang
> See: http://vger.kernel.org/ for pointers to info.
>
> You can initiate a connection towards vger, but vger can't initiate
> a connection towards you!
>
> I repeat: At present you CAN NOT receive email from vger.kernel.org.
>
>
> /Matti Aarnio
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
Am Mit, 2002-02-06 um 17.45 schrieb Matti Aarnio:
> Can't. COMPAQ is one of those companies which have covered their
> incoming email systems with firewalls rejecting connections with IP-
> header option bits that were "reserved, set to zero when sending" for
> first about 20 years, but which now got other specification.
> (The firewall makers made an error and tought it to mean: "reserved,
> must forever be zero".)
I had been once behind one of their firewalls and it's like hell on
earth; Even trivial actions like ssh'ing somewhere or getting the
kernel sources caused problems. Maybe Compaq should reconsider their
security policy and work more with Linux instead of Windows to get a
clue.
--
Servus,
Daniel
this is not a linux vs. windows issue.
it's an issue of paranoid firewall companies not allowing unknown stuff
through. I am behind a Raptor firewall running on Solaris that has the
same problem. the first new version of the software that has been released
since the ECN stuff went from proposal to draft was released last week and
does support this. it will take some time for everyone to migrate to new
versions of software.
and I for one would not want firewall vendors to program their firewalls
to allow all proposed standard changes through them. expecting firewalls
to allow stuff the day it is accepted into draft status is not reasonable
either.
yes firewalls need to be updated to reflect changes in the standards, but
these updates should be able to happen as part of the normal
development/release cycle.
David Lang
On 6 Feb 2002, Daniel Egger wrote:
> Date: 06 Feb 2002 20:49:48 +0100
> From: Daniel Egger <[email protected]>
> To: [email protected]
> Subject: Re: Please add me to the kernel change distribution list
>
> Am Mit, 2002-02-06 um 17.45 schrieb Matti Aarnio:
>
> > Can't. COMPAQ is one of those companies which have covered their
> > incoming email systems with firewalls rejecting connections with IP-
> > header option bits that were "reserved, set to zero when sending" for
> > first about 20 years, but which now got other specification.
> > (The firewall makers made an error and tought it to mean: "reserved,
> > must forever be zero".)
>
> I had been once behind one of their firewalls and it's like hell on
> earth; Even trivial actions like ssh'ing somewhere or getting the
> kernel sources caused problems. Maybe Compaq should reconsider their
> security policy and work more with Linux instead of Windows to get a
> clue.
>
> --
> Servus,
> Daniel
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
> and I for one would not want firewall vendors to program their firewalls
> to allow all proposed standard changes through them. expecting firewalls
> to allow stuff the day it is accepted into draft status is not reasonable
> either.
The firewall vendor was wrong. Period. There was no guarantee that the bits
they were rejecting on were not going to change.
Alan
> it's an issue of paranoid firewall companies not allowing unknown stuff
> through. I am behind a Raptor firewall running on Solaris that has the
> same problem. the first new version of the software that has been released
> since the ECN stuff went from proposal to draft was released last week and
> does support this. it will take some time for everyone to migrate to new
> versions of software.
I couldn't pass up this opportunity to say just how pathetic raptor really
is. Unfortunately we use this piece of garbage at work for our firewall.
When the nimda virus came out, it got infected.
--
Lab tests show that use of micro$oft causes cancer in lab animals