Firewall Wizards mailing list archives
Re: Proxy 2.0 secure? (AG vs. SPF)
From: "Ryan Russell" <ryanr () sybase com>
Date: Tue, 7 Jul 1998 09:40:20 -0700
AGs always rebuild frags in one way, correct?
correct
They don't have to know about each inside stack, correct?
wrong. They should know each inside stack, because a HP Printer may handle fragments, tcp options etc. differently than a NT 3.51 machine or a Linux
box.
Take a look at the SNI Paper about IDS' , there you can read how they act differently on behalf of fragment ages (favors newest/oldest fragment ...) Your Sun FW-1 may know the correct handling from the RFC's but not all internal machines may know these too. And this is bad for security.
But if the AG already defragged the packets, then there aren't the weird fragments going inside, right? This assumes that your AG doesn't have to fragment on the way inside, or some intermediate device frags for you in such a way as to wipe out inside machines by chance. Ryan
Current thread:
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 01)
- <Possible follow-ups>
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 02)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 03)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Marc Heuse (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Bennett Todd (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 08)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Joseph S. D. Yao (Jul 08)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Bennett Todd (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) tqbf (Jul 12)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Bennett Todd (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 12)
(Thread continues...)