On Thu, 5 Jun 1997, Jonathan M. Bresler wrote:
>
> >I don't think there is anything an application firewall can
> >do that can't also be done by a "packet filter" firewall. The
>
> trivial example:
> a smtp application level proxy can disable the "debug" command
> for every sendmail behind that firewall.
Finding and removing the "debug" command from smtp connections at the
packet layer isn't much different than finding and altering the PORT and
PASV part of the FTP command and all the NAT style packet filters
modify the FTP commands. It's not something packet filters do, but
it is no more difficult than many of the things they already do.
Thanks
--
Cy Ardoin
ardoin @
cycon .
com
--------------------------------------------------------------------
-- Cypress Consulting, Inc. | Voice: 703/383-0247 ---
-- 4101 Olympic Way, Alexandria VA | Fax: 703/383-0320 ----
-- and | ----
-- 11240 Waples Mill Road, Suite 403, | http://www.cycon.com/ ---
-- Fairfax, VA 22030 | --
--------------------------------------------------------------------
Follow-Ups:
References:
|
|
