Great Circle Associates Firewalls
(April 1998)
 


Subject: Re: socks versus fw-1 stateful inspection vulnerabilities
From: Mike Jones <mike . jones @ unifiedtech . com>
Organization: Unified Technologies
Date: Mon, 06 Apr 1998 10:14:05 -0400
To: Christopher Zarcone <czarcone @ vf . lmco . com>
Cc: ryanr @ sybase . com, firewalls @ greatcircle . com
References: <199804061209 . IAA01498 @ data . camelot>

Christopher Zarcone wrote:

> I suppose I should clarify what I said:
> Historically I have come to understand "packet filtering" as screening based on
> IP-level and transport level information. With such limited information, you
> can't determine with certainty the application-level service; you can only make
> a best guess.

True enough.

>
>
> Of course, if you have a more advanced packet filter, you could arbitrarily
> examine any or all bits in the entire packet. At that point, though, you're
> basically performing application-level analysis, and incurring the performance
> penalty, so why not use a proxy?

You're not necessarily incurring the performance penalty, though. If you're
doing this in the kernel, you're not incurring the overhead of (at least) two
context switches per UDP datagram or TCP message. Generally, I'm not an
advocate of putting stuff like this in the kernel, but on a special-purpose
box I'm willing to make an exception.



