Firewall Wizards mailing list archives
Re: IPChains vs. IPTables
From: Nimesh Vakharia <nvakhari () clio rad sunysb edu>
Date: Mon, 29 Jul 2002 14:34:45 -0400 (EDT)
Anyone ever use the content inspection in ipTable? Maintaining the application state (given the total number of applications and complexity of each) to make decisions based on the application state transition as defined per RFC can be pretty tricky. If it actually works, this could be developed into a nice protocol anomaly engine. Anyone have pointers or documentation for this?

On Thu, 25 Jul 2002, Volker Tanger wrote:

> Greetings!
>
> Josh Welch wrote:
>
> > From: "Patrick Darden" <darden () armc org>
> >
> > > IPTables allow content inspection (making sure port 80 traffic is
> > > web, 21 is ftp, etc.), making it a little better than a mere packet
> > > filter. Truthfully, though, with tunnelling, if you don't have tight access
> > > lists then allowing any protocol access is just as secure via
> > > packet filtering as packet inspection. Loki uses icmp;
> > > then there's ssl tunneling, ssh, and hosts of others....
> >
> > IPTables does not, to my understanding, do content inspection. It does state inspection, which IPChains does not, but does not check content. How would you check content with IPTables?
>
> There are some first (pre-alpha) patches for IPtables (2.5 kernel) that lay a foundation for packet data inspection. The "normal" IPtables only is a stateful (not inspection) packet filter, whereas IPchains only is a static (dumb) packet filter.
>
> For a detailed overview see http://www.wyae.de/secure_gateway/gateways.html
>
> Bye
>
> Volker Tanger
> IT-Security Consulting
> --
> discon gmbh
> Wrangelstraße 100
> D-10997 Berlin
> fon +49 30 6104-3307
> fax +49 30 6104-3461
> volker.tanger () discon de
> http://www.discon.de/
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards