Firewall Wizards mailing list archives
Re: Stateful Proxying?
From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 19 Mar 2003 10:44:46 +1100 (EST)
In some email I received from David Lang, sie wrote:
even the most basic proxy (the plug-gw from the FWTK for example) is as stateful as most of the stateful filter firewalls out there. the state being refered to is the state of the TCP connection not of the application data.
Were you present or otherwise have knowledge of the conversation that Jim is referring to in order to be able to claim that it's only the TCP state that is being referred to ? In essence, if "stateful proxy" means the same as "stateful filter" then it is really a meaningless conjunction of words as commonly understood in the firewall market today. A "stateful proxy" can easily be so much more. That's not to say a packet filtering solution can't have a stateful proxy either, as indeed the ftp proxy in IPFilter is a stateful proxy. btw, I'm pretty sure I could produce instances where plug-gw is less stateful than some packet filters because it doesn't maintain all the information presented on one side to the other or correctly enforce packets arriving at the proxy host to have the same characteristics. Anyway, I have more important things to do. Darren
On Tue, 18 Mar 2003, Darren Reed wrote:Date: Tue, 18 Mar 2003 23:52:52 +1100 (EST) From: Darren Reed <darrenr () reed wattle id au> To: "Small, Jim" <jim.small () eds com> Cc: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Stateful Proxying? In some email I received from Small, Jim, sie wrote:While talking about Firewalls and Proxies, I was asked, can you have a "Stateful Proxy"?To my way of thinking, if a proxy is stateful then it knows about the application it is working on behalf of, not just . For something like FTP, it might be whether or not the user has made a successful login or not. Of course I might be completely out of step with the rest of the world on this :-) Darren _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Stateful Proxying? Small, Jim (Mar 17)
- Re: Stateful Proxying? David Lang (Mar 17)
- Re: Stateful Proxying? Paul D. Robertson (Mar 17)
- Re: Stateful Proxying? Mike Scher (Mar 17)
- Re: Stateful Proxying? Darren Reed (Mar 18)
- Re: Stateful Proxying? David Lang (Mar 18)
- Re: Stateful Proxying? Darren Reed (Mar 18)
- Re: Stateful Proxying? David Lang (Mar 18)
- <Possible follow-ups>
- Re: Stateful Proxying? Marcus J. Ranum (Mar 17)