nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe7rqcsp5pypj3ac5wxnvgnwxmdl5the60wggwlqytaxm9kql0cdsaxd2rl (nprofile…d2rl) Considering Palo Alto CVEs earlier this year, a second FW buys you time and isolates you when one of the firewalls turns to a problem.
But honestly, I can't understand why any of this should be necessary. A firewall should be dumb and just filter/drop packets, not have 5478 services running on it that could be vulnerable some day.
OTOH, this is nothing new:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firewall
Ichinin :verified: :verified_paw: ✅🎯🙄 /
npub1kw…00l26
2024-12-10 13:52:40
in reply to nevent1q…hqas
Author Public Key
npub1kwuvz2et9w3a3ksvega30c0jwmmrcvhdtf5qxnz433pke5tvtz0sn00l26Seen on
wss://relay.nostr.bandPublished at
2024-12-10 13:52:40Event JSON
{
"id": "2b727ec5662776b91f06fcc5ee0edc095f7ac6693e8e8b2e2c194f6c7770120e",
"pubkey": "b3b8c12b2b2ba3d8da0cca3b17e1f276f63c32ed5a68034c558c436cd16c589f",
"created_at": 1733838760,
"kind": 1,
"tags": [
[
"p",
"cf860c4034090328f71471a6c44dc6db7f45df3a7b90877c045f4db2d81f7e1b",
"wss://relay.mostr.pub"
],
[
"p",
"ddaef735ba82c4c8eb3942423bf54420567582fd5b68ed1046a7e18c9f780bfe",
"wss://relay.mostr.pub"
],
[
"e",
"7c1455dc21b8c1460627e27dd2c0c54e56b421a8cc17238461e916178679f594",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://infosec.exchange/users/Ichinin/statuses/113628856987641686",
"activitypub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe7rqcsp5pypj3ac5wxnvgnwxmdl5the60wggwlqytaxm9kql0cdsaxd2rl Considering Palo Alto CVEs earlier this year, a second FW buys you time and isolates you when one of the firewalls turns to a problem.\n\nBut honestly, I can't understand why any of this should be necessary. A firewall should be dumb and just filter/drop packets, not have 5478 services running on it that could be vulnerable some day.\n\nOTOH, this is nothing new:\nhttps://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firewall",
"sig": "22627b914d066603349b9b6386873d5b29dbd36d6d92e55a5eaa17e5a0014ea840fb748a389f896e136c2cd5c75f8aa93ce67e8af383ad25226577c94bf2b8fe"
}