Great Circle Associates Firewalls
(February 1997)
 


Subject: RE: Packet Filter rules...
From: crumrig @ us-state . gov
Date: Thu, 6 Feb 97 07:21:06 PST
To: firewalls @ greatcircle . com, nvs2 @ cornell . edu

Try going to the mountain and speaking with GOD.  Markus Ranum has his security white papers located at www.v-one.com.  I assume you know who Markus Ranum is; if not, then you should take up some other major, like basket weaving or such.  Actually, I am just kidding.  As you probably know, Markus wrote FW Toolkit.  He is now working at v-one and all of his stuff is there for reading.  I also would suggest hitting the NCSA's website and getting ahold of some of the books they have for sale.  Lastly, a packet filter router is a very good tool, and should be a part of any system that is being implemented.  And it possibly could manage to work for small to medium operations, but they are not a Firewall in the truest sense of the word.  Now there are some nice features that CISCO will try and sell you, but when it comes to proxy services, and configurability AND reporting, then true dual homed proxy firewalls are the only way to go. Period!  Packet filters are good as tools as part of a bigger system, but that is all.  Besides the lack of reporting on a router, I could kill your router with traffic and have free rein on your system while the router is rebooting itself.  As far as speed goes, don't worry about it.  Unless of course you have a 2000 node LAN, all using http and sending a million messages an hour.
---------------Original Message---------------
Hi,
I am implementing a firewall as a Master's project and I need to decide 
on rules for packet filtering. I have two questions to ask you folks:

(1) Can anyone suggest research papers/books/web documents on packet 
filtering?

(2) I was told that a packet filter should check for various combinations 
of :
Source Address, Destn Address, protocol, Source port, destn port

 and then decide if a packet should be let thro.
Also, this decision making has to be real fast so as not to introduce a 
considerable amount of overhead while routing the packet.
Does any one have any suggestions on how this can be done?

Thanks in advance

Nik.
----


----------End of Original Message----------
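The check described in question (2), as an added example that is not code from either poster: an ordered rule table over the five fields, evaluated first-match with default deny, where each rule costs only a few integer compares. All names, the sample policy and the 192.0.2.0/24 inside network are constructed, and the filter is assumed to sit on the outside interface.

```c
#include <stdint.h>
#include <stddef.h>

/* One filter rule over the five fields named in the question.
   All names are hypothetical; addresses are host-order IPv4. */
struct rule {
    uint32_t src, src_mask;      /* match if (pkt.src & src_mask) == src */
    uint32_t dst, dst_mask;
    uint8_t  proto;              /* 0 = any, 6 = TCP, 17 = UDP */
    uint16_t sport_lo, sport_hi; /* inclusive port ranges */
    uint16_t dport_lo, dport_hi;
    int      permit;             /* 1 = let through, 0 = drop */
};

struct pkt { uint32_t src, dst; uint8_t proto; uint16_t sport, dport; };

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Constructed sample policy for packets arriving on the outside interface. */
static const struct rule rules[] = {
    /* drop anything from outside that claims an inside source address */
    { IP(192,0,2,0), 0xFFFFFF00u, 0, 0, 0, 0, 65535, 0, 65535, 0 },
    /* permit TCP from an unprivileged source port to the mail host, port 25 */
    { 0, 0, IP(192,0,2,25), 0xFFFFFFFFu, 6, 1024, 65535, 25, 25, 1 },
    /* permit UDP DNS queries to the name server */
    { 0, 0, IP(192,0,2,53), 0xFFFFFFFFu, 17, 0, 65535, 53, 53, 1 },
};

/* First matching rule wins; a packet that matches no rule is dropped. */
int filter_packet(const struct pkt *p, const struct rule *r, size_t n)
{
    for (size_t i = 0; i < n; i++, r++) {
        if ((p->src & r->src_mask) != r->src) continue;
        if ((p->dst & r->dst_mask) != r->dst) continue;
        if (r->proto && r->proto != p->proto) continue;
        if (p->sport < r->sport_lo || p->sport > r->sport_hi) continue;
        if (p->dport < r->dport_lo || p->dport > r->dport_hi) continue;
        return r->permit;
    }
    return 0; /* default deny */
}

/* Convenience wrapper: evaluate one 5-tuple against the sample policy. */
int check(uint32_t src, uint32_t dst, uint8_t proto, uint16_t sport, uint16_t dport)
{
    struct pkt p = { src, dst, proto, sport, dport };
    return filter_packet(&p, rules, sizeof rules / sizeof rules[0]);
}
```

Rule order matters: the anti-spoofing drop is listed first so that a later permit cannot let a forged inside source through.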



