In some mail from Chris Eastman, sie said:
> Several attacks could be used on a triple firewalling system depending on
> the routing configuration - loose source routing, ip fragmentation
> attacks, etc.
Or just knowing a machine inside which runs a bad enough version of
sendmail or similar.
Stacking things, for protection, doesn't buy you protection from end-point
attacks. In the case of e-mail, unless the firewall can reliably filter
"From", "to", meta-mail and other potential sources of misbehaviour, there
is room for using e-mail as a (somewhat slow) datalink layer.
Using three levels of protection need not necessarily protect a connection
from inside to out from hijacking (especially with proxies on external
portions of the firewall) OR even outside in. Whatever connections are
made to external machines *must* be considered insecure, especailly the
data that comes in from them, when they are to arbitary machnes on the
This all assumes that people don't do things with their firewall
configuration that impinge on its effectiveness...which is easy to do!