Firewall Wizards mailing list archives

Re: stealth firewalls


From: ark () eltex ru
Date: Thu, 17 Jan 2002 14:39:45 +0300

I don't think it is really an advantage. The functionality is limited to
stateful packet filtering and it is no good. And I don't see any _real_
security advantages in "stealth" mode. Yep, it sounds cool, but actually if
there is a flaw in the filtering engine it does not matter if the firewall is
"stealth" or not. You can just turn all listening services off and be exactly
that secure.

Actually one _can_ build a stealth application firewall, but I see no good
reason to do that.

Irwin Lazar <ILazar () burtongroup com> said:

> I'm reading up a bit on stealth mode firewalls and was wondering what the
> industry view is toward these types of boxes.  From my research, stealth
> mode firewalls act as LAN switches or bridges, and do not actively modify
> the packets they process (such as decrementing TTL).  Is this correct?
>
> It seems there are some obvious advantages to stealth mode firewalls since
> they are completely hidden at the IP layer, but I'm wondering if there are
> any significant drawbacks.  It seems that products are limited, only Sun's
> SunScreen & BSD Linux support this functionality.
>
> Any thoughts?


                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
