Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 28 Nov 2007 16:59:26 -0500

AMuse wrote:

Marcus: Not that I have tons to add to the discussion, but I have to ask 
logically:  If TCP Sequence numbers did NOT make a difference then why 
do we go to so much trouble in the TCP stack to make them difficult to 
predict?


I'm not saying they don't make a difference!! That was not the objective at all.

Usually when the "proxies versus stateful" thread flares up (like herpes,
it never goes away...) I try to approach the issue from the point of
view of discussing the various controls that can be layered at various
places in the security stack, and where the leverage is (or isn't) and
so forth. This time, I thought I'd try a different tactic - namely to get
people to explore exactly what "stateful inspection" or "stateful
firewalls" are and do - what is the value or that "state"?

Yeah, me and Socrates. I'm going to go drink some hemlock now,
and prepare for the next flare-up.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewalls that generate new packets.., (continued)
- - - Re: Firewalls that generate new packets.. J. Oquendo (Nov 28)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 29)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 30)
    - Re: Firewalls that generate new packets.. AMuse (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. AMuse (Nov 28)
    - Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)
    - Re: Firewalls that generate new packets.. Marcin Antkiewicz (Nov 27)
    - Re: Firewalls that generate new packets.. ArkanoiD (Nov 28)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
    - Re: Firewalls that generate new packets.. Timothy Shea (Nov 29)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 30)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 30)

(Thread continues...)