Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 27 Nov 2007 23:13:23 -0500
Marcin Antkiewicz wrote:
I am not the authority on the subject but, if I am correct, the first firewalls did not even have packet filters - traffic went through a proxy, and protocols that were not supported/proxy friendly were transfered via some kind of authenticated IP replay thingey (or was it decnet to IP bridge?)
It's not sure what the "first" firewalls were, because there were a fair number of things in play around the mid/late 80's called "firewalls." Dave Presotto's firewall at Bell Labs involved a mix of proxies and circuit relays. Brian Reid, Geoff Mogul and Paul Vixie at DEC West were managing a "firewall" that most of us today would term a "dual homed gateway" - users had shell level access and logged into the device, making /bin/sh a rather open-ended "proxy." Most of us would call Presotto's system the first true firewall, but (as you can imagine) there are a lot of people who want to stake their claim to various pieces of the puzzle. On a related and somewhat amusing unhistorical note, the US Patent Office continues to grant patents for proxy firewalls. At least once (and sometimes twice) a year, I get excited calls from lawyers wanting to hire me as a consultant to help them sue some big firewall vendor or other for infringing on a ground-breaking idea like proxy transparency (first shipped in borderguard but simultaneously implemented in Gauntlet, Centri, and AT&T's firebrick) or content scanning (first shipped in DEC SEAL - sort of - and later in Secure Computing Sidewinder's marketing literature, and then a host of others) etc, etc. I can't decide whether to laugh or cry. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls that generate new packets.., (continued)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 29)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 30)
- Re: Firewalls that generate new packets.. AMuse (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. AMuse (Nov 28)
- Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)
- Re: Firewalls that generate new packets.. Marcin Antkiewicz (Nov 27)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 28)
- Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
- Re: Firewalls that generate new packets.. Timothy Shea (Nov 29)
- Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 30)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 30)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 27)
- Re: Firewalls that generate new packets.. Anton Chuvakin (Nov 27)
- Message not available
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 27)
- Re: Firewalls that generate new packets.. Anton Chuvakin (Nov 28)
- Re: Firewalls that generate new packets.. jason (Nov 27)
- Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)