> Sure, an FTP proxy that can decrypt your
> encrypted FTP session will work, same as
> a SPF with the same features will.
>
> If a SPF or a proxy can act as one endpoint
> of an ancrypted connection, it can watch
> for the port command and deal with it.
>
> You seem to be under the impression that SPFs
> aren't capable of understaning the protocol
> being routed... if that were the case, the non-encrypted
> FTP session wouldn't work over the PIX box with NAT
> emabled, would it? There is no reason that the SPF
> software can't be designed to act as an encryption
> endpoint, but apparantly the PIX hasn't for FTP.
>
I agree with you that you can make an SPF which can
handle any case that a proxy can. However, it is far
easier for the end user (read f/w implementor) to modify
proxy code such that it will match the requirements
of his/her site than it is for the end user to modify
an SPF.
-- craig
-------------------------------------------------------------------------------
Craig I. Hagan "It's a small world, but I wouldn't want to back it up"
hagan @
cih .
com "True hackers don't die, their ttl expires"
"It takes a village to raise an idiot, but an idiot can raze a village"
Follow-Ups:
References:
|
|
