Firewall Wizards mailing list archives

Re: Borderware Ping Server


From: "Paul Zatychec" <zatychec () attcanada ca>
Date: Thu, 18 Oct 2001 19:55:57 -0400


MJR wrote:
> Proxies are _only_ valuable if they do extended state tracking and
> error checking. Very few proxies actually _do_ that kind of extended
> tracking and checking.

Amen - particularly regarding subtle error checking.  

Some time ago I seem to recall that Peter Cox of Borderware 
mentioned to me that they may have had thrusts into enhancing their 
product extensions in this regard - but my memory could well be 
inaccurate here.

> we could have
> added not just attack defeating through good design, but specific
> detection of _known_ attacks. I.e.: let's say a web proxy defeats a
> WWW buffer overrun - identify the specific attack in the process of
> blocking it: now you've implemented what amounts to proactive
> intrusion detection and diagnosis.
> That's a really useful model;

Concur.  With only one audit trail to correlate and learn from that
tells you how your _system_ handled it.

mjr makes the point about detection of known attacks, and I agree.  
What I'm not sure about is the extent to which we have made 
proactive use of extended error checking to dynamically profile 
_things_we_may_not_have_seen_before.
Comments?
pz

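The model discussed in this message, as an added sketch that is not part of the original post or any product's code: a proxy blocks on strict protocol checks, labels the block when a known pattern matches, and tallies blocks that match nothing known. The limits, rule names, labels and sample request lines are all constructed assumptions.

```python
import re
from collections import Counter

MAX_LINE, MAX_URI = 2048, 1024   # assumed limits, not from the post
METHODS = {b"GET", b"HEAD", b"POST"}
VERSION = re.compile(rb"HTTP/1\.[01]")
# Constructed labels standing in for a site's list of attacks it already knows.
KNOWN = [("repeated-byte-filler", re.compile(rb"(.)\1{200,}")),
         ("raw-nul-in-uri", re.compile(rb"\x00"))]

def check_structure(line):
    """Return None if the request line is well-formed, else the rule it broke."""
    if len(line) > MAX_LINE:
        return "line-too-long"
    parts = line.split(b" ")
    if len(parts) != 3:
        return "bad-token-count"
    method, uri, version = parts
    if method not in METHODS:
        return "method-not-allowed"
    if not VERSION.fullmatch(version):
        return "bad-version"
    if len(uri) > MAX_URI:
        return "uri-too-long"
    if not uri.startswith(b"/") or re.search(rb"[^\x21-\x7e]", uri):
        return "bad-uri-bytes"
    return None

def inspect_request(line, src, audit):
    """Block on any structural error; attach a known-attack label if one matches."""
    rule = check_structure(line)
    if rule is None:
        return "pass"
    label = next((n for n, p in KNOWN if p.search(line)), "unclassified")
    audit.append({"src": src, "rule": rule, "label": label})
    return "block"

def unseen_profile(audit):
    """Tally the rules tripped by blocked requests that matched no known label."""
    return Counter(r["rule"] for r in audit if r["label"] == "unclassified")

# Constructed sample request lines; the source address is from a documentation range.
SAMPLES = [b"GET /index.html HTTP/1.0", b"GET /a.cgi?" + b"N" * 1100 + b" HTTP/1.0",
           b"GET /x\x00y HTTP/1.0", b"FROB / HTTP/1.0", b"GET  / HTTP/1.0"]

if __name__ == "__main__":
    audit = []
    for s in SAMPLES:
        print(inspect_request(s, "192.0.2.10", audit))
    print(audit, unseen_profile(audit))
```

The blocking decision never depends on the label list, so the single audit trail records both recognised attacks and anomalies that have no name yet.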

