Jon,
Stateful inspection engines suffer the same disadvantages as packet filters,
because THEY ARE packet filters.
I would say that (my) single biggest problem with packet filtering is
application-level security (e.g. how can a packet filter differentiate a
sendmail server from a rogue webserver running on port 25? It can't. A proxy
can.) OTOH, packet filters are generally faster, mainly because filtering
decisions are made in the lower levels of the IP stack.
I can't speak from experience, but I've also read stories of state tables
becoming corrupt, usually with interesting consequences.
Regards,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christopher Zarcone - Data Communications Design Analyst
Lockheed Martin Enterprise Information Systems
czarcone@vf.lmco.com * Chris.Zarcone@lmco.com * czarcone@acm.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My opinions do not necessarily reflect those of my employer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Date: Wed, 01 Apr 1998 23:27:59 -0500
>From: "Jon E. Price" <jon@nytimes.com>
>Subject: socks versus fw-1 stateful inspection vulnerabilities
>
>Are there any known or theoretical insecurities or vulnerabilities or other
>shortcomings (e.g. performance) using socks or the fw-1 stateful inspection
>technologies?
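An added illustration of the sendmail-versus-rogue-webserver point made in Christopher's reply (this code is not part of either message). Three throwaway local TCP servers are constructed stand-ins for hosts on tcp/25: one greets with an SMTP 220 reply, one answers with an HTTP status line, and one stays silent until the client speaks (the normal behaviour of a web server). The `packet_filter_decision` and `proxy_decision` functions, the 0.5 second read timeout and the banners are all assumptions of the example; the only protocol fact relied on is that an SMTP server speaks first with a 220 greeting (RFC 5321).

```python
"""Why a port filter and an SMTP proxy judge the same "port 25" service differently.

Added example, not from the original thread.  Three throwaway local servers
stand in for hosts listening on tcp/25.  The 5-tuple filter sees only
"tcp/25 -> allow"; the proxy reads the greeting and can tell them apart.
"""
import re
import socket
import threading

# RFC 5321 greeting: "220 <domain> ..." (or "220-" for a multi-line greeting)
SMTP_GREETING = re.compile(rb"^220[ -]\S+")
READ_TIMEOUT = 0.5  # seconds the proxy waits for the server's first line (assumed)


def packet_filter_decision(proto, dst_port, allowed=((6, 25),)):
    """All a packet filter can act on: protocol number and destination port."""
    return "allow" if (proto, dst_port) in allowed else "deny"


def proxy_decision(greeting):
    """An SMTP proxy's decision from what the server said first.

    None means nothing arrived before the timeout (client-speaks-first
    protocols such as HTTP behave like this); anything but a 220 reply
    is refused, so a web server on port 25 never gets relayed.
    """
    if not greeting:
        return "deny"
    return "allow" if SMTP_GREETING.match(greeting) else "deny"


def serve_banner(banner):
    """Start a one-shot local server (constructed stand-in for a host on tcp/25).

    If banner is None the server stays silent until the client sends something.
    Returns the ephemeral loopback port it listens on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            if banner is None:
                conn.recv(1)  # wait for a request, as a web server would
            else:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def read_greeting(port):
    """What the proxy sees: the server's first bytes, or None on timeout/error."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=READ_TIMEOUT) as c:
            return c.recv(512)
    except OSError:  # socket.timeout is an OSError subclass
        return None


def demo():
    """Run the three constructed servers and return both decisions for each."""
    servers = {
        "sendmail": b"220 mail.example.test ESMTP ready\r\n",
        "rogue-httpd": b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n",
        "silent-httpd": None,
    }
    results = {}
    for name, banner in servers.items():
        port = serve_banner(banner)
        results[name] = {
            # the filter never looks past the header: every one of these is "tcp/25"
            "packet_filter": packet_filter_decision(6, 25),
            "proxy": proxy_decision(read_greeting(port)),
        }
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:13s} filter={decision['packet_filter']:5s} proxy={decision['proxy']}")
```

Running it shows the filter allowing all three while the proxy relays only the server that produced a 220 greeting; the silent server is refused because the proxy's read times out, which is exactly the application-layer knowledge a packet filter, stateful or not, does not have.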