Firewalls: Re: How good is "stateful inspection"? (fwd)

Firewalls
(June 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: How good is "stateful inspection"? (fwd)
From:	Darren Reed <avalon @ coombs . anu . edu . au>
Date:	Sun, 30 Jun 1996 17:41:39 +1000 (EST)
To:	Ryan . Russell @ sybase . com (Ryan Russell/SYBASE)
Cc:	Firewalls @ GreatCircle . COM (Firewalls Mailing List)
In-reply-to:	<9606291952 . AA02681 @ notesgw2 . sybase . com> from "Ryan Russell/SYBASE" at Jun 29, 96 12:53:06 pm

In some mail from Ryan Russell/SYBASE, sie said:
[...]
> The person who posted the question was under the impression that SPF couldn't
> but proxies could.  I believe that neither can effectivly protect from that 
> type of attack,
> because it requires very specific knowledge about the platform in question on 
> the
> inside.
> 
>        Ryan

They both `can'.

But, in both cases, you must somehow put the knowledge about what is good
and bad in the proxy/filter code.

It doesn't require any knowledge about the interior platforms which it is
attempting to protect.

How it is implemented is purely an implementation issue.

Darren

Follow-Ups:

Re: How good is "stateful inspection"? (fwd)
From: Michael Dillon <michael @ memra . com>

Indexed By Date	Previous:	Re: NCSA Certification From: Chris Kostick <ckostick @ ashton . csc . com>
Indexed By Date	Next:	Hardware requirements of Firewall-1 From: Can BAYSAL <baysalc @ boun . edu . tr>
Indexed By Thread	Previous:	Re: How good is "stateful inspection"? (fwd) From: Ryan.Russell/SYBASE
Indexed By Thread	Next:	Re: How good is "stateful inspection"? (fwd) From: Michael Dillon <michael @ memra . com>