Firewall Wizards mailing list archives
Re: PIX sux? (was Re: Start watching your logfiles folks!)
From: Predrag Zivic <pzivic () yahoo com>
Date: Thu, 23 Dec 1999 11:27:45 -0800 (PST)
Well, --- Ryan Russell <Ryan.Russell () sybase com> wrote:
Since PIX is a network level firewall, there arequitea few OSI levels that can be used to attack you......The PIX can't really touch layer 1, is that what you meant?Although your site is under attack PIX will notreportany errors or stop the unauthorized activity.My FW-1 firewall (which is the same basic technology as the PIX) reports on and protects from quite a few things.
All I am trying to say here is that both FW-1 & PIX will not be able to catch application layer attacks. I don't question the "firewalling" capabilities of FW-1 & PIX or would like to start a discussion on statefull vs. proxy. One would think about application level attacks and bring a different type of technology to support/compliment firewalls. Firewalls (PIX & FW-1) will neither help in all situations nor are a total solution for all Internet based attacks. Pez P.S. One would think about the mail viruses (maybe even better, trojans) that travel over the Internet, although we have firewalls... _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Current thread:
- PIX sux? (was Re: Start watching your logfiles folks!) Ryan Russell (Dec 24)
- <Possible follow-ups>
- Re: PIX sux? (was Re: Start watching your logfiles folks!) Predrag Zivic (Dec 26)
- RE: PIX sux? (know Stateful vs Application) Shaun Moran (Dec 27)
- RE: PIX sux? (know Stateful vs Application) Frederick M Avolio (Dec 28)
- RE: PIX sux? (know Stateful vs Application) David Lang (Dec 28)
- RE: PIX sux? (know Stateful vs Application) Dom De Vitto (Dec 28)
- Re: PIX sux? (know Stateful vs Application) Darren Reed (Dec 30)
- RE: PIX sux? (know Stateful vs Application) Shaun Moran (Dec 27)
- Re: PIX sux? (was Re: Start watching your logfiles folks!) Ryan Russell (Dec 27)