>On Thu, 5 Jun 1997, Jonathan M. Bresler wrote:
>
>>
>> >I don't think there is anything an application firewall can
>> >do that can't also be done by a "packet filter" firewall. The
>>
>> trivial example:
>> a smtp application level proxy can disable the "debug" command
>> for every sendmail behind that firewall.
>
>Finding and removing the "debug" command from smtp connections at the
>packet layer isn't much different than finding and altering the PORT and
>PASV part of the FTP command and all the NAT style packet filters
>modify the FTP commands. It's not something packet filters do, but
>it is no more difficult than many of the things they already do.

Cy, the difficulty of implementing this is not the point. the point is
that application level proxies provide this. packet filters, stateful or
not, do not provide this.

ain't hard to apply a tourniquet, but until it's applied, someone bleeds
to death ;)

jmb
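
The command filtering discussed in this thread, as an added example that is not part of the original messages or any poster's code: a sketch of the client-to-server half of an SMTP application proxy that reassembles the byte stream into lines, so a `debug` command is caught even when it is split across TCP segments, while the same word inside a message body passes through. The class and function names, the reply text, the line-length limit and the sample session are constructed for illustration.

```python
# Added example: command-level filtering as an SMTP application proxy does it.
# Assumption: the upstream server answers DATA with 354, so body mode starts
# as soon as the client sends DATA.
BLOCKED_VERBS = {b"DEBUG"}          # the command named in the thread
REJECT = b"500 Command unrecognized\r\n"
MAX_LINE = 1000                     # constructed cap on an unfinished line


class SmtpCommandFilter:
    """Filters the client-to-server half of one SMTP session."""

    def __init__(self, blocked=BLOCKED_VERBS):
        self.blocked = {v.upper() for v in blocked}
        self.buf = b""          # bytes of a not-yet-complete line
        self.in_data = False    # True while the message body is being sent

    def feed(self, chunk):
        """Take bytes as they arrive; return (to_server, to_client)."""
        self.buf += chunk
        to_server, to_client = b"", b""
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            line += b"\n"
            if self.in_data:
                # Message body: forward untouched, watch for the end marker.
                to_server += line
                if line.rstrip(b"\r\n") == b".":
                    self.in_data = False
                continue
            words = line.split()
            verb = words[0].upper() if words else b""
            if verb in self.blocked:
                to_client += REJECT      # answered here, never reaches sendmail
                continue
            if verb == b"DATA":
                self.in_data = True
            to_server += line
        if len(self.buf) > MAX_LINE:
            raise ValueError("line too long; drop the session")
        return to_server, to_client


def run_session(chunks):
    """Feed constructed chunks through one filter; return joined outputs."""
    f = SmtpCommandFilter()
    out = [f.feed(c) for c in chunks]
    return b"".join(s for s, _ in out), b"".join(c for _, c in out)
```
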