Billy,
maybe I'm biassed by my deep love towards a company whose workhorse (dubbed
by the year it was finally released) too many times so far has left me
stranded, by just losing few, but meaningful, kilobytes of key stuff.
When you say: "The problem I believe is that NT's IP is not always robust
enough to survive a hacker attack." you are firing an A-bomb, IMHO. Aren't
you?
Do I correctly understand you if I say that, since firewalls are here to
ward off hackers' attacks, it's better not to rely on an NT since its IP
isn't up to the task we want to use it?
This reminds me of having heard that, in the early decades of this century,
a racing car maker overlooked the importance of brakes by saying: "My cars
are to run, not to stop". It has disappeared from the marketplace.
-------------------------------
Franco RUGGIERI
fruggieri @
selfin .
net
----------
> Da: Billy Verreynne <vslabs @
onwe .
co .
za>
> A: ygerman @
genre .
com; yati @
mod .
gov .
my
> Cc: Firewalls @
GreatCircle .
COM
> Oggetto: Re: Unlimited Users Firewalls
> Data: giovedì 23 ottobre 1997 10.32
>
> > ygerman @
genre .
com wrote:
> <snip>
> > I would also say stay away from NT firewalls because the NT TCP/IP
> > stack is not as robust as Unix in a high volume environment.
>
> On what facts do you base this? AFAIK the problems with Microsoft's
> implementation of TCP/IP have more to do with incorrectly handling
packets
> that were incorrectly assembled (e.g. the OOB problem which gave all the
> dumb snotty nose wannabe hackers a hard on) . But even Unix TCP/IP do not
> always respond as it should - what about SYN stealth scans?
>
> A company I know have been using NT with SQL-Server across a WAN for a
> number of years now. The volumes are pretty high - hundreds of users
doing
> OLTP transactions. The problem has never been with TCP/IP on NT, but
rather
> with SQL-Server and the Microsoft client (Win95) DB library.
>
> I have worked with NT since the first beta, and TCP/IP IMHO was never a
> problem, but rather the use of it (like running NetBIOS pipes across
TCP/IP
> instead of using sockets). Of course Microsoft was naive in believing
they
> could implement the RFCs for TCP/IP without paying much attention to
wrong
> IP packets. But remember these IP packets are almost always the result of
> hacker attacks. In a standard high volume business environment NT's IP is
> stable and robust enough IMHO. The problem I believe is that NT's IP is
not
> always robust enough to survive a hacker attack.
>
> NT has received a lot of flak, especially from the Unix lovers, but it is
> still a good operating system and one that is used (as with Unix)
> throughout the world by many companies for running mission critical
> applications.
>
> regards,
> Billy
Follow-Ups:
|
|
