Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Stateful Proxying?

From: "Small, Jim" <jim.small () eds com>
Date: Mon, 17 Mar 2003 17:34:32 -0500
While talking about Firewalls and Proxies, I was asked, can you have a
"Stateful Proxy"?

It seems like a simple enough question, but I was not sure how to answer it.
Typically a Proxy Server doesn't forward IP packets, so it must listen for
any service it proxies and then "proxy" the service.  This almost implies
state, doesn't it?  But do Proxy servers watch ack and sequence numbers or
"keep state" like a stateful packet filter does?  Am I thinking about this
correctly?

If a Proxy Server is "stateful" then the difference between a stateful
packet filter and a stateful proxy becomes small indeed.  Would you then
classify the difference as whether or not the proxy server breaks the
connection/circuit and how for up the OSI model it checks and how thoroughly
it checks the protocols for RFC/rules conformance?

I would greatly appreciate any feedback or pointers.

Thanks,
   <> Jim


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: