Firewall Wizards mailing list archives
Re: Firewall comparison in Data Communications
From: "Steven M. Bellovin" <smb () research att com>
Date: Thu, 03 Jun 1999 07:44:58 -0400
In message <19990601142700.A10893 () progressive-systems com>, "Ge' Weijers" writes:
The bugs in the host O/S are still relevant, if they can be exploited using packets that look valid to the firewall. Some exploits use syntactically valid packets, and a packet-at-a-time firewall may not protect you against that if you allow incoming traffic to
Right. More fundamentally, firewalls can't protect you against bugs at a higher level of the protocol stack. An IP+port number firewall (i.e., a typical packet filter) is blind to TCP holes. For that matter, it's blind to attacks based on other portions of the IP packet that it doesn't look at -- 'ping of death' comes to mind.
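An added illustration, not part of the original message: the Python sketch below contrasts a filter that decides on destination address and protocol alone with one that also checks the fragment offset and length fields, the part of the IP header the 'ping of death' depends on. The rule set, addresses and sample headers are constructed for the example, and ICMP is used, so there is no port to match.

```python
import struct

MAX_DATAGRAM = 65535          # IPv4 total length is a 16-bit field
IPV4_FMT = "!BBHHHBBH4s4s"    # fixed 20-byte IPv4 header, no options

def make_header(total_len, frag_units, more_frags, proto=1):
    """Build a constructed IPv4 header for testing (checksum left as 0)."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_units & 0x1FFF)
    return struct.pack(IPV4_FMT, 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def parse_header(raw):
    """Extract the fields the two filters below look at."""
    vihl, _, total_len, _, flags_frag, _, proto, _, _, dst = struct.unpack(
        IPV4_FMT, raw[:20])
    return {
        "ihl": (vihl & 0x0F) * 4,
        "total_len": total_len,
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        "proto": proto,
        "dst": ".".join(map(str, dst)),
    }

def address_filter_allows(raw, allowed):
    """Typical packet-filter decision: destination address and protocol only."""
    h = parse_header(raw)
    return (h["dst"], h["proto"]) in allowed

def reassembled_end(raw):
    """Byte position where this fragment's data ends in the rebuilt datagram."""
    h = parse_header(raw)
    return h["ihl"] + h["frag_offset"] + (h["total_len"] - h["ihl"])

def fragment_aware_allows(raw, allowed):
    """Same rule, plus a drop for fragments that would overrun 65535 bytes."""
    return (address_filter_allows(raw, allowed)
            and reassembled_end(raw) <= MAX_DATAGRAM)

# Constructed sample headers (not captured traffic).
ALLOWED = {("192.0.2.2", 1)}                          # hypothetical rule: ICMP to one host
NORMAL = make_header(1500, 185, more_frags=True)      # ordinary middle fragment
OVERSIZE = make_header(120, 8189, more_frags=False)   # data would end past 65535
```

Both headers satisfy the address-and-protocol rule; only the check on the offset and length fields tells them apart.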