>From rls Thu Jun 27 10:20 EDT 1996
Subject: Re: How good is "stateful inspection"?
To: bjornmy @
nwo .
dec .
com (Bjorn Myhrhaug)
Date: Thu, 27 Jun 1996 10:20:01 -0400 (EDT)
From: Ronald L. Sharp <rls @
neptune>
Cc: Firewalls @
GreatCircle .
com
In-Reply-To: <31D25AA4 .
41C6 @
nwo .
dec .
com> from "Bjorn Myhrhaug" at Jun 27, 96 11:55:48 am
X-Mailer: ELM [version 2.4 PL17]
Content-Type: text
Content-Length: 949
It has been discussed on this list by some that you should, IN THEORY, be
able to do most anything in the kernel using stateful inspection that can
be done by a proxy application. While anything is possible "in theory" I
am more interested in the actual implementation. For example, could anyone
explain if and how FW1 can protect an inside network host from a "buffer
overflow" attack? This should not relight the constant battle between
stateful packet filters and application gateways.
Also I believe FW1 has a white paper on their technology at their web site.
>
> I have been looking for papers describing the "stateful inspecion"
> technique used by Firewall-1, and on discussions on how good it is,
> potential weaknesses etc.
>
> Any good pointers, or opinions?
>
> Rgds
> Bjorn.
> --
>
> Bjorn Myhrhaug bjornmy @
nwo .
dec .
com
> Digital Equipment Corp. A/S +(47) 22 76 86 84
> Oslo, Norway DTN 872-8684
>
>
--
Ron Sharp
|
|
