Re: Gauntlet adaptive proxies

[Joseph S D Yao <jsdy () cospo osis gov>]

> > In a similar fashion, you might have your HTTP proxy look at what would
> > be the HEAD of the HTTP conversation and examine that as necessary before
> > setting up rules to allow the rest of the data to flow without going through
> > the proxy.
>
> Isn't this exactly what CheckPoint's Security Servers do? They intercept the packet, examine the data, then allow the 
> packets right through.

I don't think so.  They examine packets.  From the sketchy information
presented so far, there is a proxy that re-assembles the first part of
the message stream and analyzes it.  However, then the message flow is
diverted to a simple packet filter.

This is not as easy as it sounds.  Consider trying to write a "C"
program that analyzes its standard input and then, based on what it
finds, hands off its standard input and standard output to another
ALREADY RUNNING program ... and then exits to reduce overhead.  ;-)

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-A/B
-----------------------------------------------------------------------
        PLEASE ... send or Cc: all "COSPO/OSIS Computer Support"
                     mail to sys-adm () cospo osis gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.