Firewalls: Proxy v. Packet Filter

Firewalls
(December 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Proxy v. Packet Filter
From:	rex @ staff . cs . su . oz . au (Rex di Bona)
Date:	Fri, 22 Dec 1995 08:55:04 +1000
To:	firewalls @ GreatCircle . COM
Reply-to:	rex @ cs . su . oz . au

> Can someone tell me exactly what a Proxy can do 
> that a good packet filtering firewall cannot do?
> 
> _Pete Morrissey
> _Syracuse University

As an example - my mail proxy parses the mail from/to lines and the
envelope header looking for known 'sendmail' bug chars, and other
illegal/unwanted characters. (Not that I actually run sendmail - ugh!).
This would be difficult (impossible?) with a packet filter. The
difference is that a proxy looks at the data in the stream, whereas a
filter only looks at source and dest.  (Ignoring hybrid mixtures
here).

					Rex.

Follow-Ups:

Re: Proxy v. Packet Filter
From: jsanchez @ esegi . es (Julio Sanchez)

Indexed By Date	Previous:	Firewalls-Digest V4 #721 -Reply From: Brian Rogers <RogersB3 @ STATE . MI . US>
Indexed By Date	Next:	Re: Firewall-1, any hints or gotcha's in it's installation?? From: Brain21 <brain21 @ montag33 . residence . gatech . edu>
Indexed By Thread	Previous:	Re: Proxy v. Packet Filter From: gary flynn <gary @ habanero . jmu . edu>
Indexed By Thread	Next:	Re: Proxy v. Packet Filter From: jsanchez @ esegi . es (Julio Sanchez)