Great Circle Associates Firewalls
(November 1995)
 


Subject: Re: Firewall Proxy API
From: CONQUEST @ NETWORK-1 . COM
Date: Thu, 30 Nov 1995 3:07:54 -0600 (CST)
To: firewalls @ GreatCircle . COM
Cc: RUSSO @ NETWORK-1 . COM, HANCOCK @ NETWORK-1 . COM, CONQUEST @ NETWORK-1 . COM

On Wed, 29 Nov 1995, Brain 21 from GA Tech inquired:

> I am wondering if there is a firewall out there (perhaps most of them?  I 
> don't know) that will let me filter (IOW add my own rules) based on 
> protocol AND specific bits and bit sequences.

	There is at least one: FireWall/Plus.

> Ex.  If I want to read a packet and disallow any packets where bits 
> 161-169 are of the sequence 10000011 (loose source routing option) or I 
> want to read the 8 bits of the "type" field in ICMP messages to filter 
> out types of "destination unreachable" and "ICMP redirect."

	Though seemingly out-of-place in a thread on Proxy API,
	this example is easily accomplished using the Frame 
	Filtering firewall product we produce.  FireWall/Plus
	allows for both easy addition of customer filters (asked
	below), *and* bit specific test criteria.  Further, the 
	Filter Language allows for the creation of symbols that
	define bit-groups located at a specific location within a
	frame, OR located in some *variable* location from frame
	to frame.

	The FireWall/Plus filters exist at each of the layers:

		-> Application
		-> Transport
		=> Network Protocol
		-> Frame
		   -> Packets on Ethernets
		   -> Tokens on Token Rings

	To tie this remark to the thread: since each layer has 
	a set of filters, FireWall/Plus can accommodate the new
	applications without the need for a corresponding proxy.
	All that is required is a filter update to reflect the
	desired level of protection when using a new application.


> I know that these examples are standard as far as rules or options 
> already set up, but what if I want to make my OWN custom filters based on 
> bits and sequences?  Which firewalls is this possible with?  FWTK?  Socks 
> proxies?

	If my remarks above do not clarify what our product can
	do in this area, please contact me directly.  I'll try to
	keep the product hype to a minimum!  ;-)

  Sincerely,
  Ken Conquest
  VP, Engineering

  _______   _______  Network-1 Software & Technology, Inc.  _______   _______
  | _____\\\\____ |      mailto:Conquest @ Network-1 . Com      | ____////_____ |
  | |     \\\\  | |        http://www.network-1.com         | |  ////     | |
  | |   \\\\\\\ | |                                         | | ///////   | |
  | |    \\\    | |           DFW Research Center           | |    ///    | |
  | | \\\\\\\   | |           878 Greenview Drive           | |   /////// | |
  | |  \\       | |         Grand Prairie, TX 75050         | |       //  | |
  | 1___\\______1 |                                         | 1______//___1 |
  1______\\_______1          Voice:  214-606-8200           1_______//______1
  1 - k r o w t e N            Fax:  214-606-8220           N e t w o r k - 1
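
The two checks from the quoted question, as an added example that is not part of the original message and is not FireWall/Plus filter syntax. It shows in Python why the fixed versus *variable* location distinction matters: the loose source route option can sit anywhere in the IPv4 options area, and the ICMP type byte moves with the header length. The names `ipv4_options`, `verdict` and `build` are hypothetical, and the packets `build` produces are constructed samples.

```python
import struct

LSRR = 0x83             # 10000011: copy flag set, class 0, option number 3
BLOCKED_ICMP = {3, 5}   # destination unreachable, redirect

def ipv4_options(pkt):
    """Yield the type of each option between byte 20 and the end of the header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("bad header length")
    i = 20
    while i < ihl:
        opt = pkt[i]
        if opt == 0:            # End of Option List
            return
        if opt == 1:            # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            raise ValueError("bad option length")
        yield opt
        i += pkt[i + 1]

def verdict(pkt):
    """Return 'drop' or 'pass' for one raw IPv4 packet given as bytes."""
    try:
        if LSRR in ipv4_options(pkt):   # variable location: walk every option
            return "drop"
    except ValueError:
        return "drop"                   # fail closed on a malformed header
    ihl = (pkt[0] & 0x0F) * 4
    first_fragment = (struct.unpack("!H", pkt[6:8])[0] & 0x1FFF) == 0
    if pkt[9] == 1 and first_fragment and len(pkt) > ihl:
        # The ICMP type is the first byte after the header, so its offset is ihl.
        return "drop" if pkt[ihl] in BLOCKED_ICMP else "pass"
    return "pass"

def build(options=b"", proto=1, payload=b""):
    """Constructed sample packet; documentation-range addresses, checksum left 0."""
    opts = options + b"\x00" * (-len(options) % 4)   # pad options to 32 bits
    ihl = 5 + len(opts) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + opts + payload
```

A test that only compares the byte at offset 20 against 0x83 passes the packet in which a No-Operation byte precedes the option; walking the options area catches it.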

