Great Circle Associates Firewalls
(August 1994)
 


Subject: Re: Using a NetBlazer as a 'choke' router
From: johns @ oxygen . house . gov (John Schnizlein)
Date: Wed, 17 Aug 1994 17:05:15 -0400
To: chrisp @ icad . com, firewalls @ GreatCircle . COM

>From chrisp @ icad . com:

>We're thinking of using one as a 'Choke' router in the 'Belt and Suspenders'
>configuration described in Cheswick et al's book on Firewalls.
>
>Has anyone else done this? What type of success have you had? Are there any
>'Gotchas' you encountered that you could tip me off about?

The worst thing about the NetBlazer in an Internet firewall is that
it does not block IP-source-route packets,
which are a potential address spoofing threat.

I found it difficult to configure a packet filter I like
in spite of a rich set of filter operators.
It is unclear what the precedence is for partially conflicting filters.
The router supports only one filter set, in which interfaces are specified.

However, if this is just the belt, you just need really good suspenders. :-)
