I just got back from ComNet '95 in D.C., and heard some rather
disturbing "info" from a firewall vendor who shall remain nameless.
He claimed that some manufacturer's routers (wouldn't specify) will
re-arrange the order in which ACL entries are processed for efficiency
reasons, possibly leading to unintended results such as packets getting
through that should have been blocked.
Does anyone know if this is true with any currently available
routers, or if it was true as a feature or bug of out-dated models/firmware?
I suspect he may have been blowing smoke as he was espousing an
approach utilizing application gateways/proxies, but it sounded plausible.
Stephen Goldstein steveg @
Disclaimer: That's not what I said.
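Whether or not any router actually does this, the reason it would matter is that router ACLs use first-match semantics: the first entry whose fields all match the packet decides, so two entries with different actions whose match sets overlap cannot be swapped without possibly changing a verdict. The following is an added example, not the poster's code or any vendor's, using a simplified ACL model (protocol, source prefix, destination prefix, destination port) with constructed rules and a constructed packet. It shows a "deny specific, then permit general" ACL letting a packet through after an efficiency-style reorder, and a conservative check that flags which pairs of entries a given reordering may not swap.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = None  # wildcard for the protocol and port fields


@dataclass(frozen=True)
class Rule:
    """One ACL entry in a simplified, hypothetical model (not a vendor syntax)."""
    action: str            # "permit" or "deny"
    proto: Optional[str]   # "tcp", "udp", ... or ANY
    src: str               # source prefix, CIDR notation
    dst: str               # destination prefix, CIDR notation
    dport: Optional[int]   # destination port or ANY

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is ANY or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is ANY or self.dport == pkt["dport"]))


def evaluate(acl: List[Rule], pkt: dict, default: str = "deny") -> str:
    """First-match semantics: the first entry that matches decides the verdict."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default


def _fields_overlap(x, y) -> bool:
    return x is ANY or y is ANY or x == y


def rules_overlap(a: Rule, b: Rule) -> bool:
    """True if some packet could match both entries (field-wise intersection is non-empty)."""
    return (_fields_overlap(a.proto, b.proto)
            and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and _fields_overlap(a.dport, b.dport))


def unsafe_reorderings(original: List[Rule], reordered: List[Rule]) -> List[Tuple[Rule, Rule]]:
    """Pairs (a, b) with a before b originally, b before a after reordering,
    overlapping match sets and different actions.  The check is conservative:
    a flagged pair may be harmless if an earlier entry shadows the overlap,
    but an empty result guarantees the two ACLs give every packet the same verdict."""
    position = {rule: i for i, rule in enumerate(reordered)}
    problems = []
    for i, a in enumerate(original):
        for b in original[i + 1:]:
            if a.action != b.action and rules_overlap(a, b) and position[b] < position[a]:
                problems.append((a, b))
    return problems


# Constructed sample ACL: block telnet from one subnet, allow it from everyone else, allow DNS.
ORIGINAL = [
    Rule("deny",   "tcp", "10.1.0.0/16", "0.0.0.0/0", 23),
    Rule("permit", "tcp", "0.0.0.0/0",   "0.0.0.0/0", 23),
    Rule("permit", "udp", "0.0.0.0/0",   "0.0.0.0/0", 53),
]

# An "efficiency" reorder that moves the entry expected to match the most traffic to the front.
REORDERED = [ORIGINAL[1], ORIGINAL[0], ORIGINAL[2]]

# A reorder that only moves an entry which overlaps nothing of the opposite action.
SAFE_REORDER = [ORIGINAL[2], ORIGINAL[0], ORIGINAL[1]]

# Constructed packet: telnet from the subnet the first entry is meant to block.
TELNET_FROM_LAB = {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 23}


def verdicts(pkt: dict) -> Tuple[str, str]:
    """Verdict under the original ACL and under the reordered one."""
    return evaluate(ORIGINAL, pkt), evaluate(REORDERED, pkt)


if __name__ == "__main__":
    print("original vs reordered:", verdicts(TELNET_FROM_LAB))
    print("pairs that may not be swapped:", unsafe_reorderings(ORIGINAL, REORDERED))
    print("safe reorder flags:", unsafe_reorderings(ORIGINAL, SAFE_REORDER))
```

The same pairwise check is what you would run against a device's running ACL after any optimisation or compilation step: dump the entries in the order the device reports it will process them, compare with the order you configured, and treat any flagged pair as a finding until you have shown an earlier entry shadows it.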