Firewall Wizards mailing list archives
Re: Gauntlet adaptive proxies
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 9 Nov 1998 15:32:06 -0500 (EST)
In a similar fashion, you might have your HTTP proxy look at what would be the HEAD of the HTTP conversation and examine that as necessary before setting up rules to allow the rest of the data to flow without going through the proxy.Isn't this exactly what CheckPoint's Security Servers do? They intercept the packet, examine the data, then allow the packets right through.
I don't think so. They examine packets. From the sketchy information presented so far, there is a proxy that re-assembles the first part of the message stream and analyzes it. However, then the message flow is diverted to a simple packet filter. This is not as easy as it sounds. Consider trying to write a "C" program that analyzes its standard input and then, based on what it finds, hands off its standard input and standard output to another ALREADY RUNNING program ... and then exits to reduce overhead. ;-) -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- PLEASE ... send or Cc: all "COSPO/OSIS Computer Support" mail to sys-adm () cospo osis gov ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Re: Gauntlet adaptive proxies Dale Lancaster (Nov 08)
- Re: Gauntlet adaptive proxies Joseph S D Yao (Nov 09)
- <Possible follow-ups>
- RE: Gauntlet adaptive proxies ICMan (Nov 09)
- Re: Gauntlet adaptive proxies Rodney van den Oever (Nov 09)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 09)
- Re: Gauntlet adaptive proxies Kevin Steves (Nov 11)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 12)
- Re: Gauntlet adaptive proxies Kevin Steves (Nov 12)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 09)
- Re: Gauntlet adaptive proxies Joseph S D Yao (Nov 09)
- Re: Gauntlet adaptive proxies carson (Nov 10)