Firewall Wizards mailing list archives
Re: Borderware Ping Server
From: "Paul Zatychec" <zatychec () attcanada ca>
Date: Thu, 18 Oct 2001 19:55:57 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MJR wrote:
Proxies are _only_ valuable if they do extended state tracking and error checking. Very few proxies actually _do_ that kind of extended tracking and checking.
Amen - particularly regarding subtle error checking. Some time ago I seem to recall that Peter Cox of Borderware mentioned to me that they may have had thrusts into enhancing their product extensions in this regard - but my memory could well be inaccurate here.
we could have added not just attack defeating through good design, but specific detection of _known_ attacks. I.e.: let's say a web proxy defeats a WWW buffer overrun - identify the specific attack in the process of blocking it: now you've implemented what amounts to proactive intrusion detection and diagnosis. That's a really useful model;
Concur. With only one audit trail to correlate and learn from that tells you how your _system_ handled it. mjr makes the point about detection of known attacks, and I agree. What I'm not sure about is the extent to which we have made proactive use of extended error checking to dynamically profile _things_we_may_not_have_seen_before. Comments? pz -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO89rvWtkHSFpr7XxEQIJUQCg5jOJTx7Z7ilOpOv432mJGIPagFEAnjO8 NNz3IGaZWgAnDHayd6Abmi8H =q/ND -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Borderware Ping Server Don Ng (Oct 09)
- Re: Borderware Ping Server Marcus J. Ranum (Oct 09)
- RE: Borderware Ping Server Ofir Arkin (Oct 17)
- RE: Borderware Ping Server Matthew Kirkwood (Oct 18)
- RE: Borderware Ping Server Marcus J. Ranum (Oct 18)
- RE: Borderware Ping Server Ofir Arkin (Oct 18)
- RE: Borderware Ping Server Marcus J. Ranum (Oct 20)
- RE: Borderware Ping Server Ofir Arkin (Oct 23)
- RE: Borderware Ping Server Matthew Kirkwood (Oct 23)
- RE: Borderware Ping Server Ofir Arkin (Oct 23)
- RE: Borderware Ping Server Ofir Arkin (Oct 17)
- Re: Borderware Ping Server Marcus J. Ranum (Oct 09)
- Re: Borderware Ping Server Paul Zatychec (Oct 18)
- <Possible follow-ups>
- RE: Borderware Ping Server Peter Cox (Oct 11)
- RE: Borderware Ping Server Don Ng (Oct 11)