Firewall Wizards mailing list archives
Re: Protecting publicly reacheable servers (e.g. HTTP)?
From: TDyson () sybex com
Date: Mon, 26 Nov 2001 07:33:21 -0800
Symantec's SEF (aka Raptor) does enforce some pretty rigid requirements on HTTP packet formation. It can also be used to filter allowable requests based on regex. One review of firewalls a year ago found that Raptor was the only firewall to block some content-based exploit they tried.

Thom Dyson
Director of Information Services
Sybex, Inc.

On 11/22/01 5:28:23 AM, "Patrick M. Hausen" <hausen () punkt de> wrote:
Dear fellow wizards,
Since all products I know of - even our beloved Gauntlet application level proxy - don't filter HTTP requests wrt extremely long URLs or other "malformed" stuff, that intends to cause a buffer overflow in the web application, I don't see any improvement by using a "firewall product" in place of the packet filter. Well, DoS attacks targeting the IP stack may be guarded against, but then one would try to DoS the firewall with the same result - application out of service.
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
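
The kind of request filtering discussed in this message (a length cap, strict request-line formation and a regex allowlist of permitted requests), as an added example that is not part of the original thread and is not how Raptor or Gauntlet are implemented. The limits, the allowlist and the function name `check_request_line` are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote

# Assumed policy values for illustration; tune them per application.
MAX_REQUEST_LINE = 2048
MAX_URI = 1024
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
# Hypothetical allowlist: the only paths this example site serves.
ALLOWED_PATHS = re.compile(
    r"/(?:|index\.html|static/[A-Za-z0-9_.-]+|cgi-bin/search)")
# Strict request-line grammar: METHOD SP printable-ASCII-URI SP HTTP/1.x
REQUEST_LINE = re.compile(rb"([A-Z]+) ([\x21-\x7e]+) HTTP/1\.[01]")


def check_request_line(raw: bytes):
    """Return (allowed, reason) for one request line with CRLF removed."""
    if len(raw) > MAX_REQUEST_LINE:          # cap length before any parsing
        return False, "request line too long"
    m = REQUEST_LINE.fullmatch(raw)
    if m is None:
        return False, "malformed request line"
    method, uri = m.group(1).decode("ascii"), m.group(2).decode("ascii")
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    if len(uri) > MAX_URI:
        return False, "URI too long"
    # Decode once, so the allowlist sees what the server would see.
    path = unquote(uri.split("?", 1)[0])
    if "%" in path or "\x00" in path:        # double encoding, NUL byte
        return False, "suspicious encoding"
    if ".." in path.split("/"):
        return False, "dot-dot path segment"
    if ALLOWED_PATHS.fullmatch(path) is None:
        return False, "path not on allowlist"
    return True, "ok"   # query string is not inspected in this example


if __name__ == "__main__":
    # Constructed sample request lines, not taken from real traffic.
    samples = [
        b"GET /index.html HTTP/1.0",
        b"GET /cgi-bin/search?q=firewall HTTP/1.1",
        b"GET /" + b"A" * 4000 + b" HTTP/1.0",
        b"GET /static/%2e%2e HTTP/1.1",
        b"TRACE / HTTP/1.1",
    ]
    for line in samples:
        print(check_request_line(line), line[:40])
```

The length check runs before the regex so an oversized line is rejected without being parsed, and the allowlist is matched against the once-decoded path so an encoded form cannot slip past it.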