Firewall Wizards mailing list archives
RE: stealth firewalls
From: "Ofir Arkin" <ofir () sys-security com>
Date: Thu, 17 Jan 2002 20:52:09 -0000
To deal with large volumes of traffic, one would need a hardware based solution and not a software based solution. There are products out there that are capable of handling up to 2.5Gbps (some might handle even higher volume of traffic) of traffic volume. Stealth might also suggest that the firewall is an undetected entity in the packet's path to its destination. Some other products that I know of their development use a different niche and handle abnormalities differently.

Ofir Arkin [ofir () sys-security com]
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Nate Campi
Sent: Thursday, 17 January 2002 1:49
To: Irwin Lazar
Cc: 'firewall-wizards () nfr com'
Subject: Re: [fw-wiz] stealth firewalls

On Wed, Jan 16, 2002 at 02:00:53PM -0700, Irwin Lazar wrote:
> I'm reading up a bit on stealth mode firewalls and was wondering what the industry view is toward these types of boxes. From my research, stealth mode firewalls act as LAN switches or bridges, and do not actively modify the packets they process (such as decrementing TTL). Is this correct?
>
> It seems there are some obvious advantages to stealth mode firewalls since they are completely hidden at the IP layer, but I'm wondering if there are any significant drawbacks. It seems that products are limited, only Sun's SunScreen & BSD Linux support this functionality. Any thoughts?

Most firewalls hosted on general-purpose UNIX hosts can't handle the large amounts of traffic that many of us would need to throw at it. Recently my work needed syn-flood protection for a network where outgoing traffic filled the two 100mbit uplinks, and only dedicated devices could fill this niche. The one they use uses the same approach, essentially bridging the traffic.

--
Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79

One morning I shot an elephant in my pyjamas. How he got into my pyjamas I'll never know. - Groucho Marx

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards