Firewall Wizards mailing list archives
Re: Gauntlet adaptive proxies
From: Kevin Steves <stevesk () sweden hp com>
Date: Thu, 12 Nov 1998 19:07:28 +0100 (MET)
On Thu, 12 Nov 1998, Darren Reed wrote: : > One quote from the paper is: "With an adaptive proxy firewall, initial : > security examinations are still conducted at the secure application : > layer, but subsequent packets can be redirected through the network : > layer as soon as the security clearance has been made". In the case : > above I assume the proxy has built a new TCP connection to the : > destination server, then at some point decides it's OK to packet filter : > the connection. What about address and sequence number translation in : > this case? : : I can't see that as being an obstacle. All the information is there, : somewhere, you just have to get it and massage it appropriately when : sending packets back and forth. It's certainly doable. But I guess it's not clear from the whitepaper whether Gauntlet's adaptive proxy implementation does this (vs. maybe delaying the connection to the destination host until the security clearance has been made?). I'd like more details (maybe a technical whitepaper instead of a marketing/management whitepaper). : Heck, I can envisage being able to even go back into "proxy mode" from : packet forwarding. That would be cool.
Current thread:
- Re: Gauntlet adaptive proxies Dale Lancaster (Nov 08)
- Re: Gauntlet adaptive proxies Joseph S D Yao (Nov 09)
- <Possible follow-ups>
- RE: Gauntlet adaptive proxies ICMan (Nov 09)
- Re: Gauntlet adaptive proxies Rodney van den Oever (Nov 09)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 09)
- Re: Gauntlet adaptive proxies Kevin Steves (Nov 11)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 12)
- Re: Gauntlet adaptive proxies Kevin Steves (Nov 12)
- Re: Gauntlet adaptive proxies Darren Reed (Nov 09)
- Re: Gauntlet adaptive proxies Joseph S D Yao (Nov 09)
- Re: Gauntlet adaptive proxies carson (Nov 10)