Firewall Wizards mailing list archives

Re: Protecting publicly reachable servers (e.g. HTTP)?


From: TDyson () sybex com
Date: Mon, 26 Nov 2001 07:33:21 -0800


Symantec's SEF (aka Raptor) does enforce some pretty rigid requirements on
HTTP packet formation.  It can also be used to filter allowable requests
based on regex.

One review of firewalls a year ago found that Raptor was the only firewall
to block some content-based exploit they tried.

Thom Dyson
Director of Information Services
Sybex, Inc.

On 11/22/01 5:28:23 AM, "Patrick M. Hausen" <hausen () punkt de> wrote:
Dear fellow wizards,

Since all products I know of - even our beloved Gauntlet
application level proxy - don't filter HTTP requests
wrt extremely long URLs or other "malformed" stuff, that
intends to cause a buffer overflow in the web application,
I don't see any improvement by using a "firewall product"
in place of the packet filter. Well, DoS attacks targeting the
IP stack may be guarded against, but then one would try to
DoS the firewall with the same result - application out
of service.

