Great Circle Associates Firewalls
(April 1998)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: socks versus fw-1 stateful inspection vulnerabilities
From: Christopher Zarcone <czarcone @ vf . lmco . com>
Date: Fri, 03 Apr 1998 09:40:34 -0500 (EST)
To: firewalls @ greatcircle . com
Reply-to: Christopher Zarcone <czarcone @ vf . lmco . com>

Jon,

Stateful inspection engines suffer the same disadvantages as packet filters, 
because THEY ARE packet filters.

I would say that (my) single biggest problem with packet filtering is 
application-level security (e.g. how can a packet filter differentiate a 
sendmail server from a rogue webserver running on port 25? It can't. A proxy 
can.) OTOH, packet filters are generally faster, mainly because filtering 
decisions are made in the lower levels of the IP stack.

I can't speak from experience, but I've also read stories of state tables 
becoming corrupt, usually with interesting consequences.

Regards,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christopher Zarcone - Data Communications Design Analyst
Lockheed Martin Enterprise Information Systems
czarcone @
 vf .
 lmco .
 com  *  Chris .
 Zarcone @
 lmco .
 com  *  czarcone @
 acm .
 org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       My opinions do not necessarily reflect those of my employer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>Date: Wed, 01 Apr 1998 23:27:59 -0500
>From: "Jon E. Price" <jon @
 nytimes .
 com>
>Subject: socks versus fw-1 stateful inspection vulnerabilities
>
>Are there any known or theoretical insecurities or vulnerabilities or other
>shortcomings (eg. performance) using socks or the fw-1 stateful inspection
>technologies?



Indexed By Date Previous: RE: SSH Questions
From: dclydew @ interhack . net
Next: Firewalls-Digest V7 #147-Auto Answer
From: Jasjit K Singh <Jasjit_K_Singh @ sabre . com>
Indexed By Thread Previous: Re: socks versus fw-1 stateful inspection vulnerabilities
From: "Craig I. Hagan" <hagan @ cih . com>
Next: Re: socks versus fw-1 stateful inspection vulnerabilities
From: "Ryan Russell" <ryanr @ sybase . com>

Google
 
Search Internet Search www.greatcircle.com