Firewall Wizards mailing list archives
Re: Botnets, IRC servers and firewalls?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 04 Feb 2004 12:15:15 -0500
Paul Robertson wrote:

> [Darned mired lurkers with too many cool toys at work...]

I've seen (and played with) Abe's toys. It's scary... I was out there and asked for some temp space for a process I was running and Abe says, "uh. ok. here. I just allocated you a terabyte area that you can have for the week." Daaaaaaamn.

> As Daniel Hartmeier pointed out here last year sometime, stateful firewalls are blazingly fast doing state lookups - there's no good reason that some portion of the routing/firewalling infrastructure shouldn't be handling egress traffic policy.

Yeah. Let's see here: get a packet, do a hash to locate the flow it's related to, and compare the sequence number to see if it's in window. Check the packet and see if it's a FIN or RST. Spank its bottom and send it along. Speaking of which - my money says that proxy firewalls are gonna make a big comeback as soon as we "the industry" realize that simplistic "stateful filtering" isn't going to cut it for much longer. There will be hardware assists and whatnot and the "proxies" will be in-kernel modules and on-card modules but they'll be doing TCP termination and stuff like that. (e.g.: real proxying)

> Personally, I always preferred to have application gateways who were the only boxes *allowed* to speak outside the network - made my filtering rules so much easier.
It's not just easier, it's a whole lot more secure. You can have a network where you have no default routes to the Internet. That does a heck of a lot to confuse bots and makes them very easy to detect.

mjr.
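Added illustration, not code from the thread or from any product mentioned in it: a toy of the per-packet path mjr sketches above (hash the flow, check the sequence number against the window, handle FIN/RST), with the egress rule Paul describes, namely that only a SYN from an inside host may create state. The addresses, ports, window size and the "inside" prefix are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

Endpoint = Tuple[str, int]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    flags: FrozenSet[str] = frozenset()   # any of SYN, ACK, FIN, RST
    payload_len: int = 0

@dataclass
class FlowState:
    # next expected sequence number from each endpoint; None until that
    # side has sent its first segment (e.g. before the SYN-ACK arrives)
    expect: Dict[Endpoint, Optional[int]]
    fins: int = 0          # two FINs means the flow is finished

class StatefulFilter:
    WINDOW = 65535         # constructed: fixed acceptance window

    def __init__(self, inside_prefix: str = "10."):   # constructed prefix
        self.inside_prefix = inside_prefix
        self.table: Dict[frozenset, FlowState] = {}

    @staticmethod
    def key(p: Packet) -> frozenset:
        # direction-independent key: this dict lookup is the "hash" step
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def in_window(self, expected: Optional[int], seq: int) -> bool:
        return expected is None or (seq - expected) % (1 << 32) < self.WINDOW

    def process(self, p: Packet) -> str:
        k, sender = self.key(p), (p.src, p.sport)
        st = self.table.get(k)
        if st is None:
            # egress policy: only a fresh SYN from inside may create state;
            # anything else without a flow entry is unsolicited and dropped
            if p.flags == {"SYN"} and p.src.startswith(self.inside_prefix):
                self.table[k] = FlowState({sender: (p.seq + 1) % (1 << 32),
                                           (p.dst, p.dport): None})
                return "pass"
            return "drop"
        if not self.in_window(st.expect[sender], p.seq):
            return "drop"                      # injected/out-of-window segment
        if "RST" in p.flags:
            del self.table[k]                  # reset tears the flow down
            return "pass"
        advance = p.payload_len + ("SYN" in p.flags) + ("FIN" in p.flags)
        st.expect[sender] = (p.seq + advance) % (1 << 32)
        if "FIN" in p.flags:
            st.fins += 1
            if st.fins == 2:
                del self.table[k]              # both sides done: forget it
        return "pass"
```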