Sure, an FTP proxy that can decrypt your
encrypted FTP session will work, same as
a SPF with the same features will.
If a SPF or a proxy can act as one endpoint
of an ancrypted connection, it can watch
for the port command and deal with it.
You seem to be under the impression that SPFs
aren't capable of understaning the protocol
being routed... if that were the case, the non-encrypted
FTP session wouldn't work over the PIX box with NAT
emabled, would it? There is no reason that the SPF
software can't be designed to act as an encryption
endpoint, but apparantly the PIX hasn't for FTP.
Ryan
---------- Previous Message ----------
To: Ryan.Russell
cc: sjg, firewalls
From: sjg @ quick.com.au ("Simon J. Gerraty") @ smtp
Date: 06/08/97 10:17:28 AM
Subject: Re: Stateful Packet Filters vs. Proxies
> A proxy would have the same problem.
On the contrary, an ftp proxy would have been able to handle it -
because it does not simply shuffle packets - it plays the protocol.
I know, because my ftp proxy handles the same situation with no
problems.
--sjg
Follow-Ups:
|
|
