Firewall Wizards mailing list archives

RE: stealth firewalls

From: "Ofir Arkin" <ofir () sys-security com>
Date: Thu, 17 Jan 2002 20:52:09 -0000

To deal with large volumes of traffic, one would need a hardware based
solution and not a software based solution.

There are products out there that are capable of handling up to 2.5Gbps
(some might handle even higher volume of traffic) of traffic volume.

Stealth might also suggest that the firewall is an undetected entity in
the packet's path to its destination. 

Some other products that I know of their development use a different
niche and handle abnormalities differently.  

Ofir Arkin [ofir () sys-security com]
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA 


-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com] On Behalf Of Nate Campi
Sent: ה 17 ינואר 2002 1:49
To: Irwin Lazar
Cc: 'firewall-wizards () nfr com'
Subject: Re: [fw-wiz] stealth firewalls

On Wed, Jan 16, 2002 at 02:00:53PM -0700, Irwin Lazar wrote:

I'm reading up a bit on stealth mode firewalls and was wondering what

the

industry view is toward these types of boxes.  From my research,

stealth

mode firewalls act as LAN switches or bridges, and do not actively

modify

the packets they process (such as decrementing TTL).  Is this correct?

It seems there are some obvious advantages to stealth mode firewalls

since

they are completely hidden at the IP layer, but I'm wondering if there

are

any significant drawbacks.  It seems that products are limited, only

Sun's

SunScreen & BSD Linux support this functionality.

Any thoughts?


Most firewalls hosted on general-purpose UNIX hosts can't handle the 
large amounts of traffic that many of us would need to throw at it. 

Recently my work needed syn-flood protection for a network where 
outgoing traffic filled the two 100mbit uplinks, and only dedicated 
devices could fill this niche. The one they use is uses the same
approach, essentially bridging the traffic.
-- 
Nate Campi     http://www.campin.net    GnuPG key: 0xC17AEF79   

One morning I shot an elephant in my pyjamas. How he got into my pyjamas
I'll never know.  - Groucho Marx

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

stealth firewalls Irwin Lazar (Jan 16)
- Re: stealth firewalls Nate Campi (Jan 17)
  - RE: stealth firewalls Ofir Arkin (Jan 18)
  - Re: stealth firewalls ark (Jan 18)
    - RE: stealth firewalls Don Flanagan (Jan 19)
- Re: stealth firewalls Volker Tanger (Jan 17)
  - Re: stealth firewalls ark (Jan 18)
    - Re: stealth firewalls Volker Tanger (Jan 18)
- Re: stealth firewalls Peter Lukas (Jan 17)
- Re: stealth firewalls Dave Mitchell (Jan 18)
- Re: stealth firewalls Roelof JT Jonkman (Jan 18)
- <Possible follow-ups>
- Re: stealth firewalls ark (Jan 17)
- Re: stealth firewalls ark (Jan 18)

(Thread continues...)