Firewall Wizards mailing list archives
RE: PIX sux? (know Stateful vs Application)
From: David Lang <dlang () diginsite com>
Date: Tue, 28 Dec 1999 12:31:10 -0800 (PST)
On Mon, 27 Dec 1999, Shaun Moran wrote:
I agree that Stateful technologies (i.e.: Layer 3) will not stop against application level attacks, but also there are serious risks with Proxy (application Level) technologies if they do not protect the firewall itself against Layer 3 attacks. Application level firewalls could have the ability to stop against application attacks (i.e.: MS RDAC) but how many of them actually do protect against these attacks ??? Most application level Firewalls I know simply relay the HTTP request to the Internal Servers.
I just put in a Raptor firewall and discovered that it does do more detailed checking of http then previous stateful inspection firewalls did. I ran into a site that generated non-printable characters in it's cookies which were blocked (with an error) by the firewall. David Lang
Current thread:
- PIX sux? (was Re: Start watching your logfiles folks!) Ryan Russell (Dec 24)
- <Possible follow-ups>
- Re: PIX sux? (was Re: Start watching your logfiles folks!) Predrag Zivic (Dec 26)
- RE: PIX sux? (know Stateful vs Application) Shaun Moran (Dec 27)
- RE: PIX sux? (know Stateful vs Application) Frederick M Avolio (Dec 28)
- RE: PIX sux? (know Stateful vs Application) David Lang (Dec 28)
- RE: PIX sux? (know Stateful vs Application) Dom De Vitto (Dec 28)
- Re: PIX sux? (know Stateful vs Application) Darren Reed (Dec 30)
- RE: PIX sux? (know Stateful vs Application) Shaun Moran (Dec 27)
- Re: PIX sux? (was Re: Start watching your logfiles folks!) Ryan Russell (Dec 27)