Subj : Re: Web hosting
To   : McDoob
From : Andre
Date : Fri Mar 18 2022 11:45:56

 Mc> I don't want to shoot you down on this, because there are some truly

It would be unwise to attempt. ;)

 Mc> insecure home networks out there. However, most routers that are on the
 Mc> market these days have the features you're talking about, and often
 Mc> enabled by default. At the very least, the router would have a firewall

Maybe rudimentary VLANs. Definitely not a honeypot, definitely not an IPS, and doubtful that they'll actively block connections based on anything, much less the output of those two features.


 Mc> that blocks any traffic on ports that aren't specifically opened, and any
 Mc> server operator with a brain would have a firewall built directly into the
 Mc> server (ie fail2ban for Linux). 

A lot of sysops I've seen can barely run a computer. I've seen plenty struggle with DNS, NAT, etc. Rolling their own linux fireawll with fail2ban is well outside of their skillset.

Also, stateful firewalls blocking inbound packets doesn't even qualify as table stakes anymore.


- Andre
--- SBBSecho 3.15-Linux
 * Origin: Radio Mentor BBS - bbs.radiomentor.org (21:3/117)

.