Great Circle Associates Firewalls
(June 1996)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: How good is "stateful inspection"? (fwd)
From: "Ronald L. Sharp" <rls @ neptune . att . com>
Date: Thu, 27 Jun 1996 10:26:09 -0400 (EDT)
To: firewalls @ greatcircle . com
Original-from: Ronald L. Sharp <rls @ neptune>
Original-to: att!!firewalls

>From rls Thu Jun 27 10:20 EDT 1996
Subject: Re: How good is "stateful inspection"?
To: bjornmy @
 nwo .
 dec .
 com (Bjorn Myhrhaug)
Date: Thu, 27 Jun 1996 10:20:01 -0400 (EDT)
From: Ronald L. Sharp <rls @
Cc: Firewalls @
 GreatCircle .
In-Reply-To: <31D25AA4 .
 41C6 @
 nwo .
 dec .
 com> from "Bjorn Myhrhaug" at Jun 27, 96 11:55:48 am
X-Mailer: ELM [version 2.4 PL17]
Content-Type: text
Content-Length: 949       

It has been discussed on this list by some that you should, IN THEORY, be 
able to do most anything in the kernel using stateful inspection that can
be done by a proxy application.  While anything is possible "in theory" I
am more interested in the actual implementation.  For example, could anyone 
explain if and how FW1 can protect an inside network host from a "buffer 
overflow" attack?  This should not relight the constant battle between 
stateful packet filters and application gateways.

Also I believe FW1 has a white paper on their technology at their web site.

> I have been looking for papers describing the "stateful inspecion"
> technique used by Firewall-1, and on discussions on how good it is,
> potential weaknesses etc.
> Any good pointers, or opinions?
> Rgds
> Bjorn.
> -- 
> Bjorn Myhrhaug			bjornmy @
 nwo .
 dec .
> Digital Equipment Corp. A/S	+(47) 22 76 86 84
> Oslo, Norway			DTN 872-8684

Ron Sharp

Indexed By Date Previous: Re: Re[2]: Network ethernet sniffer
From: Ben <adept @ cep . yale . edu>
Next: IP address for Enterprises use -Reply
From: Richard Gilman <rgilman @ vortexdata . com>
Indexed By Thread Previous: Re: Re[2]: Virus scanners an European PGP with key-escrow
From: David Harley <harley @ icrf . icnet . uk>
Next: Re: How good is "stateful inspection"? (fwd)
From: Ryan.Russell/SYBASE

Search Internet Search