Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: jdgorin () computer org
Date: Tue, 27 Nov 2007 19:21:19 +0100


Marcus J. Ranum wrote:
> [...]
> Last topic: "inspection"  The term "inspection" has been
> successfully glued onto these devices by marketing
> weasels for over a decade. Can anyone tell me what
> "inspection" is going on? What is inspected, and how, and
> what decisions are made as a result of that inspection?
>
> I can easily enumerate the "inspection" done by early
> Checkpoint firewalls. It was "inspecting" the FTP command
> stream for lines beginning with "PORT...." and dynamically
> opening a return-hole rule for the ( source, destination ) pair.

I also remember that early Checkpoint firewalls broke the FTP connection if the
PORT command and the PORT arguments were sent in different packets (back in those
old times, some FTP gateways did that kind of trick).
That was deep but not smart inspection!

New products, new guys in town, and always the same trouble... Nothing really
new on the Internet security side for more than 10 years!
Some old-fashioned minds and ancient lurkers might have survived this
(no)security era ;)


JDG
"Reality is that which, when you stop believing in it, doesn't go away."
Philip K. Dick
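
The failure mode discussed in this message, as an added example that is not part of the original post and is not Checkpoint's code: an inspector that matches "PORT" inside each packet on its own misses a command split across two segments, while one that reassembles the control stream into CRLF-terminated lines does not. All function and class names are hypothetical and the sample segments are constructed.

```python
import re

# One complete FTP control line: PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I)

def parse_port(line):
    """Return (ip, port) for a well-formed PORT line, else None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def inspect_per_packet(segments):
    """Naive inspection: every TCP segment is matched in isolation."""
    return [r for r in (parse_port(s) for s in segments) if r]

class ControlStreamInspector:
    """Buffers the control channel and only inspects complete lines."""
    MAX_LINE = 512  # assumed cap so an unterminated line cannot grow the buffer

    def __init__(self):
        self.buf = bytearray()

    def feed(self, segment):
        self.buf += segment
        found = []
        while (idx := self.buf.find(b"\r\n")) >= 0:
            line = bytes(self.buf[:idx])
            del self.buf[:idx + 2]
            result = parse_port(line)
            if result:
                found.append(result)
        if len(self.buf) > self.MAX_LINE:
            raise ValueError("FTP control line exceeds limit; refuse to track")
        return found

def inspect_stream(segments):
    inspector = ControlStreamInspector()
    return [r for s in segments for r in inspector.feed(s)]

# Constructed sample traffic: the same command whole, then split after "PORT ".
WHOLE = [b"PORT 10,0,0,5,4,1\r\n"]
SPLIT = [b"PORT ", b"10,0,0,5,4,1\r\n"]
```

With per-packet matching the split command opens no return rule and the data connection is dropped; with line reassembly both inputs yield the same (address, port) pair.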
