Firewall Wizards mailing list archives

Re: Layer 3-7 Firewall.

From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 20 Mar 2003 08:54:17 +1100 (EST)

In some email I received from Magos?nyi ?rp?d, sie wrote:
[ Charset iso-8859-2 unsupported, converting... ]

A levelez_m azt hiszi, hogy George J. Jahchan a k_vetkez_eket _rta:

Is there a SPI firewall out there that is application-layer protocol
aware?


Doing stateful inspection up from packet level to application
level is just not feasible. The problem is that the state space
explodes in an unmanageable scale. (I will  not comment on
useability of stateful packet filtering routers now, which is
one of my favourite flame war topics).


The state space does not have to explode in any greater manner
than it does for a normal application proxy.  It is however harder
to program and get right unless you're prepared to use up some
significant resources - but perhaps not any more significant than
real proxies, anyway.

btw, do you have any formal relationship with that product you
mentioned ?

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Layer 3-7 Firewall. George J. Jahchan (Mar 19)
- RE: Layer 3-7 Firewall. Ben Nagy (Mar 19)
- Re: Layer 3-7 Firewall. Magosányi Árpád (Mar 19)
  - Re: Layer 3-7 Firewall. Darren Reed (Mar 19)
- <Possible follow-ups>
- Re: RE: Layer 3-7 Firewall. broyds (Mar 19)
- RE: Layer 3-7 Firewall. Stiennon,Richard (Mar 20)
- RE: Layer 3-7 Firewall. George J. Jahchan (Mar 20)