Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: jdgorin () computer org
Date: Tue, 27 Nov 2007 19:21:19 +0100
Marcus J. Ranum wrote:
[...]
Last topic: "inspection" The term "inspection" has been successfully glued onto these devices by marketing weasels for over a decade. Can anyone tell me what "inspection" is going on? What is inspected, and how, and what decisions are made as a result of that inspection? I can easily enumerate the "inspection" done by early Checkpoint firewalls. It was "inspecting" the FTP command stream for lines beginning with "PORT...." and dynamically opening a return-hole rule for the ( source, destination ) pair.
I also remember that early Checkpoint firewalls broke FTP connection if the PORT command and the PORT arguments were sent in differents packets (back in those old times, some FTP gateway did that kind of tricks). That was deep but not smart inspection! New products, new guys in town, and allways the same trouble... Nothing really new on the Internet security side from more than 10 years! Some old fashioned minds and ancient lurker might survived this (no)security era ;) JDG "Reality is that which, when you stop believing in it, doesn't go away." Philipp K. Dick _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls that generate new packets.., (continued)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 26)
- Re: Firewalls that generate new packets.. Bill McGee (bam) (Nov 26)
- Message not available
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 26)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 26)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 26)
- Re: Firewalls that generate new packets.. Bill McGee (bam) (Nov 26)
- Re: Firewalls that generate new packets.. Brian Loe (Nov 26)
- First there was Personal Firewall Day... Dave Piscitello (Nov 30)
- Re: Firewalls that generate new packets.. Cat Okita (Nov 27)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 27)