>From rls Thu Jun 27 10:20 EDT 1996
Subject: Re: How good is "stateful inspection"?
To: bjornmy @
com (Bjorn Myhrhaug)
Date: Thu, 27 Jun 1996 10:20:01 -0400 (EDT)
From: Ronald L. Sharp <rls @
Cc: Firewalls @
In-Reply-To: <31D25AA4 .
com> from "Bjorn Myhrhaug" at Jun 27, 96 11:55:48 am
X-Mailer: ELM [version 2.4 PL17]
It has been discussed on this list by some that you should, IN THEORY, be
able to do most anything in the kernel using stateful inspection that can
be done by a proxy application. While anything is possible "in theory" I
am more interested in the actual implementation. For example, could anyone
explain if and how FW1 can protect an inside network host from a "buffer
overflow" attack? This should not relight the constant battle between
stateful packet filters and application gateways.
Also I believe FW1 has a white paper on their technology at their web site.
> I have been looking for papers describing the "stateful inspecion"
> technique used by Firewall-1, and on discussions on how good it is,
> potential weaknesses etc.
> Any good pointers, or opinions?
> Bjorn Myhrhaug bjornmy @
> Digital Equipment Corp. A/S +(47) 22 76 86 84
> Oslo, Norway DTN 872-8684