Firewalls: Re: Dynamically Re-arranged Access Lists?

Firewalls
(January 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Dynamically Re-arranged Access Lists?
From:	Rens Troost <rens @ imsi . com>
Date:	Thu, 26 Jan 1995 17:37:09 -0500
To:	steveg @ cseic . saic . com (Stephen Harold Goldstein)
Cc:	firewalls @ greatcircle . com
In-reply-to:	Your message of "Thu, 26 Jan 1995 16:28:09 EST." <9501262128 . AA08758 @ cseic . saic . com>
Reply-to:	rens @ imsi . com

>>>>> "Stephen" == Stephen Harold Goldstein <steveg @
 cseic .
 saic .
 com> writes:

  Stephen> remain nameless.  He claimed that some manufacturer's
  Stephen> routers (wouldn't specify) will re-arrange the order in
  Stephen> which ACL entries are processed for efficiency reasons,
  Stephen> possibly leading to unintended results such as packets
  Stephen> getting through that should have been blocked.

The Telebit netblazer used to do this...I'm not sure if they still
do. Pretty good box by and large.

-Rens

References:

Dynamically Re-arranged Access Lists?
From: steveg @ cseic . saic . com (Stephen Harold Goldstein)

Indexed By Date	Previous:	Re: Router filtering not enough! (Was: Re: CERT advisory ) From: "Daniel O'Callaghan" <danny @ www . unimelb . edu . au>
Indexed By Date	Next:	Re: How many firewalls & what IS one? From: zbo @ netcom . com (James A. Shankland)
Indexed By Thread	Previous:	Dynamically Re-arranged Access Lists? From: steveg @ cseic . saic . com (Stephen Harold Goldstein)
Indexed By Thread	Next:	Re: Dynamically Re-arranged Access Lists? From: Paul Traina <pst @ cisco . com>