Firewall Wizards mailing list archives
Re: stealth firewalls
From: Peter Lukas <plukas () oss uswest net>
Date: Thu, 17 Jan 2002 11:09:47 -0600 (CST)
A knee-jerk pre-coffee thought is that these types of firewalls can represent a breach in connectivity from a networking perspective. Since they transparently analyze and permit/deny/reject/encrypt/scan traffic, the saturation point may interfere with traffic flow. As they may also be installed as a "tap" on the line, having problems with the device may knock out connectivity (so can gateway firewalls/routers/etc, though).

It represents an ideal firewall insertion scenario as the network doesn't need to be re-IP'd or re-routed since the magic box sits relatively invisibly on the wire.

I've run it in Small Office/Home Office DSL/cablemodem/ISDN settings with good success using both FreeBSD and Linux. One thing to note is that under Linux, some network adapter drivers (Linux's 8139too) don't take well to this and may drop more traffic than they allow.

Peter

Standard Disclaimer: "This message has not been screened with /bin/lawyer and has potential to ignite flames from overzealoused know-it-all's."

On Wed, 16 Jan 2002, Irwin Lazar wrote:
> I'm reading up a bit on stealth mode firewalls and was wondering what the industry view is toward these types of boxes. From my research, stealth mode firewalls act as LAN switches or bridges, and do not actively modify the packets they process (such as decrementing TTL). Is this correct?
>
> It seems there are some obvious advantages to stealth mode firewalls since they are completely hidden at the IP layer, but I'm wondering if there are any significant drawbacks. It seems that products are limited, only Sun's SunScreen & BSD Linux support this functionality.
>
> Any thoughts?
>
> Irwin
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards