Firewall Wizards mailing list archives

Re: Protecting publicly reachable servers (e.g. HTTP)?


From: Adam Shostack <adam () homeport org>
Date: Mon, 26 Nov 2001 11:54:53 -0500

On Sun, Nov 25, 2001 at 10:52:44PM -0500, Marcus J. Ranum wrote:
| ark () eltex ru wrote:
| >I am still trying to figure out how to prevent data-driven attacks
| >on proxy level.
| 
| I don't think it can be done. The only chance is to be super
| restrictive in what you accept - to the point of accepting
| nothing. If you do that, you generally defeat your objectives
| if you're trying to actually exchange information with
| someone. :(

That you can't succeed is no reason not to try.  :)  You just have to
be clever about what you try, and acknowledge that it will have
limitations.

In this vein, I think stackguard is a useful tool, as are RATS and
ITS4.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

