Firewall Wizards mailing list archives

Re: stealth firewalls


From: Nate Campi <nate () campin net>
Date: Wed, 16 Jan 2002 17:49:07 -0800

On Wed, Jan 16, 2002 at 02:00:53PM -0700, Irwin Lazar wrote:
> I'm reading up a bit on stealth mode firewalls and was wondering what the
> industry view is toward these types of boxes.  From my research, stealth
> mode firewalls act as LAN switches or bridges, and do not actively modify
> the packets they process (such as decrementing TTL).  Is this correct?
>
> It seems there are some obvious advantages to stealth mode firewalls since
> they are completely hidden at the IP layer, but I'm wondering if there are
> any significant drawbacks.  It seems that products are limited, only Sun's
> SunScreen & BSD Linux support this functionality.
>
> Any thoughts?

Most firewalls hosted on general-purpose UNIX hosts can't handle the
large amounts of traffic that many of us would need to throw at them.

Recently my work needed syn-flood protection for a network where 
outgoing traffic filled the two 100mbit uplinks, and only dedicated 
devices could fill this niche. The one they use uses the same
approach, essentially bridging the traffic.
-- 
Nate Campi     http://www.campin.net    GnuPG key: 0xC17AEF79   

One morning I shot an elephant in my pyjamas. How he got into my pyjamas
I'll never know.  - Groucho Marx
