Firewall Wizards mailing list archives

Re: Evolution of Firewalls


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 18 Mar 2004 09:34:44 -0500

ArkanoiD wrote:
Slightly OT, anyone aware of WHICH protocol subset do email clients
use when doing IMAP4? I am still planning to implement a proxy, and RFC
requires all servers to support the whole fscking pile of s**t!
(still trying to imagine that terrible brain damage that may lead
protocol designers to such an idiotic requirement)


I haven't looked at it, so I can't help you there. But the "methodology"
(it doesn't deserve the term...) I used to use is pretty straightforward.
I'd write the main loop that handles the I/O on the command stream
and then I'd put it inline with a couple of clients and implement the
command set that the client used and stop when I had it working with
a couple of clients. ;)

This worked surprisingly well, because I was able to "minimize"
everything as I worked on it - whenever a command came through
I'd ask myself "what the heck?" and figure out what it was supposed
to do and then add whatever controls I could. Look for: buffer
lengths, pathnames, execution commands, file operations,
password lengths, username lengths, extra tokens on commands,
line breaks, metacharacters where appropriate, etc. Then when
you fire up a new client you'll periodically get something new that
makes the proxy get upset - that's how you know it's working. :)

Ignore the RFCs. Remember: they're part of the problem, not a
definition of the solution. I'd go so far as to say that a proxy is
*inherently* a violation of the RFCs - if it's done right. ;)

mjr.  
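
The per-command checks listed in the message above (lengths, extra tokens, line breaks, metacharacters, pathnames), sketched as an added example; it is not code from the post or from any proxy its author wrote. The command allowlist, the byte limits and the permitted character sets are assumptions chosen for illustration, and quoted strings and `{n}` literals are deliberately rejected rather than parsed.

```python
import re

MAX_LINE, MAX_TAG, MAX_ARG = 512, 16, 128  # assumed byte limits, tune per site

# Constructed allowlist: command -> (min_args, max_args). Fill it from what your
# own clients are observed to send, not from the full command set in the RFC.
ALLOWED = {
    "CAPABILITY": (0, 0),
    "NOOP": (0, 0),
    "LOGOUT": (0, 0),
    "LOGIN": (2, 2),
    "SELECT": (1, 1),
}
TAG_RE = re.compile(rb"[A-Za-z0-9.]+")
# Assumed safe argument alphabet: no quotes, braces, backticks, wildcards, etc.
ARG_RE = re.compile(rb"[A-Za-z0-9@._+/\-]+")

def check_command(line: bytes):
    """Return (ok, reason) for one raw client line, CRLF included."""
    if len(line) > MAX_LINE:
        return False, "line too long"
    if not line.endswith(b"\r\n"):
        return False, "missing CRLF"
    body = line[:-2]
    if b"\r" in body or b"\n" in body:
        return False, "embedded line break"
    parts = body.split(b" ")
    if len(parts) < 2 or b"" in parts:  # catches doubled or trailing spaces
        return False, "malformed command"
    tag, verb, args = parts[0], parts[1].decode("ascii", "replace").upper(), parts[2:]
    if len(tag) > MAX_TAG or not TAG_RE.fullmatch(tag):
        return False, "bad tag"
    if verb not in ALLOWED:
        return False, "command not allowed"
    lo, hi = ALLOWED[verb]
    if not lo <= len(args) <= hi:
        return False, "wrong token count"
    for arg in args:
        if len(arg) > MAX_ARG:
            return False, "argument too long"
        if not ARG_RE.fullmatch(arg):
            return False, "metacharacter in argument"
        if arg.startswith(b"/") or b".." in arg.split(b"/"):
            return False, "suspicious pathname"
    return True, "ok"
```

Each rejection reason is worth logging with the client name: a new client tripping "command not allowed" is the signal to decide whether that command gets added to the allowlist.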
