At 13:18 5/06/97 -0400, Jonathan M. Bresler wrote:
>>I don't think there is anything an application firewall can
>>do that can't also be done by a "packet filter" firewall. The
> trivial example:
> a smtp application level proxy can disable the "debug" command
>for every sendmail behind that firewall.
This kind of stuff is also done in some full-state inspection
>>new packet filter firewalls are not like the old Cisco/Bay router
>>filters. The new systems operate at the network layer, but they
>>have knowledge of the protocols and applications. They
>>open up the packets and modify the data. These systems are
>>doing content filtering and other "application" types of operations.
>>Yes, not all of them do these things, but many do, and new
>>feature/functions are being added to these systems every year.
>Jonathan M. Bresler 202-452-2831 breslerj @
>MS-169 Federal Reserve Board of Governors Washington DC 20551
>Speaking for myself. Others speak for the Federal Reserve Board of Governors
Technical Consultant Cisco Systems Belgium SA/NV
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: evyncke @
com Mobile: +32-75-312.458