Great Circle Associates Firewalls
(October 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: sex, lies, and firewall code
From: Peter da Silva <peter @ baileynm . com>
Date: Tue, 21 Oct 1997 10:08:01 -0500 (CDT)
To: gram @ cdsec . com (Graham Wheeler)
Cc: firewalls @ greatcircle . com
In-reply-to: <199710211006 . MAA12987 @ cdsec . com> from "Graham Wheeler" at Oct 21, 97 12:06:08 pm 
> But it can and has been done. We used an object oriented approach, starting
> with IP packets and going down to application-specific content (e.g.
> inheritance of the likes of:

> IP Session
>   Transport Session
>     TCP Session
>       Patchable TCP Session
> 	FTP Session
> 	  FTP Control Session
> 	  FTP Data Session

Um, sounds like you're simply recreating the TCP and application layers...
that is, you're running application level proxies that happen to be inside
the kernel for speed.
Follow-Ups:
References:
Indexed By Date Previous: Re: sex, lies, and firewall code
From: gary flynn <gary @ habanero . jmu . edu>
Next: (no subject)
From: andreav @ snsnet . net
Indexed By Thread Previous: Re: sex, lies, and firewall code
From: "Paul D. Robertson" <proberts @ clark . net>
Next: Re: sex, lies, and firewall code
From: Graham Wheeler <gram @ cdsec . com>
Google
 
Search Internet Search www.greatcircle.com