In some mail from Todd Hooper, sie said:
>
> Jean-Christophe Touvet <jct @ edelweb . fr> writes:
>
> > As far as I know, this is a Firewall-1 bug. The reason is that Gauntlet used
> > to split its PORT commands in two packets (two write() system calls). Since
> > Firewall-1's filtering code works only with one packet at once, it fails. TIS
> > guys wrote some patches to solve this problem (contact your Gauntlet reseller),
> > but IMHO that's really a packet filtering design problem: how do you inspect
> > data when it doesn't fit in the same packet? Of course, you could keep data
> > in your state machine, but in that case you've just written a proxy. Any
> > comments?
>
> Isn't that one of the issues (specifically, the problems with TIS and Gauntlet
> ftp) that Checkpoint fixed in Firewall-1 version 2.0d?

Do you know if they fixed the problem in general or just patched their ftp
proxy code to do the "PORT" command correctly?

darren
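
The per-packet limitation discussed in this thread, shown as an added example that is not part of any message above and is not Firewall-1 or Gauntlet code: a filter that parses each TCP segment on its own misses a PORT command written in two pieces, while one that buffers bytes up to the CRLF finds it. The split point, addresses and all function names are constructed for illustration.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" terminated by CRLF
PORT_RE = re.compile(rb"^PORT ((?:\d{1,3},){5}\d{1,3})$", re.I)

def parse_port(line):
    """Return (ip, port) for one complete command line, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def per_packet(segments):
    """Stateless inspection: every segment is examined in isolation."""
    found = []
    for seg in segments:
        for line in seg.split(b"\r\n"):
            hit = parse_port(line)
            if hit:
                found.append(hit)
    return found

def reassembled(segments, max_line=512):
    """Stateful inspection: keep unterminated bytes until the CRLF arrives.
    max_line is an assumed cap so a peer cannot grow the buffer forever."""
    buf, found = b"", []
    for seg in segments:
        buf += seg
        while b"\r\n" in buf:
            line, buf = buf.split(b"\r\n", 1)
            hit = parse_port(line)
            if hit:
                found.append(hit)
        if len(buf) > max_line:
            raise ValueError("control line too long, refuse the connection")
    return found

# Constructed samples: the same command sent with one write() and with two.
ONE_WRITE = [b"PORT 192,168,1,10,4,1\r\n"]
TWO_WRITES = [b"PORT ", b"192,168,1,10,4,1\r\n"]

if __name__ == "__main__":
    print("one write, per packet :", per_packet(ONE_WRITE))
    print("two writes, per packet:", per_packet(TWO_WRITES))
    print("two writes, reassembled:", reassembled(TWO_WRITES))
```

The buffer in `reassembled` is the per-connection state the quoted message refers to: once the filter holds data across packets, it is doing stream processing on the control channel.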