Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: Matthew Hannigan <mlh () zip com au>
Date: Thu, 15 Nov 2007 11:42:18 +1100

On Wed, Nov 14, 2007 at 02:58:37PM +1100, Kelly Robinson wrote:
> Some firewalls, after receiving a packet, generate a new packet and populate
> it with data from the original, rather than forwarding the same packet that
> was received. What are the advantages and disadvantages of this approach?
> And does anyone have any examples of any firewalls that do this on the
> market?

I guess all proxying firewalls like the original fwtk do this.

Advantage:

Your firewall is more trusted not to do funky stuff
that might upset internal servers.

Directly concomitant disadvantage:

The packet may not be an entirely faithful
version of the original (besides the obvious
source addr/port)
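
An added example, not part of the original post: a small Python model of the trade-off described above. It assumes a transparent proxy that keeps only the destination and the payload and lets its own stack fill in the rest; the addresses, ports, and the helper names `build`, `parse`, `regenerate` and `changed_fields` are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def build(src, dst, sport, dport, payload, ttl=64, ident=0, tos=0,
          tcp_opts=b"", urg=0, flags=0x18):
    """Pack an IPv4+TCP packet. Checksums stay zero: not needed to compare fields."""
    off = (20 + len(tcp_opts)) // 4          # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, off << 4,
                      flags, 65535, 0, urg) + tcp_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(tcp) + len(payload),
                     ident, 0, ttl, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp + payload

def parse(pkt):
    """Extract the header fields a downstream host or sensor could observe."""
    ihl = (pkt[0] & 0x0F) * 4
    tos, _, ident, _, ttl = struct.unpack("!xBHHHB", pkt[:9])
    tcp = pkt[ihl:]
    sport, dport, _, _, off, flags, _, _, urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    hlen = (off >> 4) * 4
    return {"src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
            "sport": sport, "dport": dport, "ttl": ttl, "ip_id": ident, "tos": tos,
            "tcp_flags": flags, "urg_ptr": urg,
            "tcp_options": tcp[20:hlen], "payload": tcp[hlen:]}

def regenerate(pkt, proxy_ip, proxy_sport):
    """Model of a proxy: only destination and payload survive from the original;
    every other field is a default of the proxy's own stack (assumed values)."""
    o = parse(pkt)
    return build(proxy_ip, o["dst"], proxy_sport, o["dport"], o["payload"])

def changed_fields(a, b):
    """Names of the parsed fields that differ between two packets."""
    pa, pb = parse(a), parse(b)
    return sorted(k for k in pa if pa[k] != pb[k])

# Constructed sample: low TTL, odd TOS, URG flag with urgent pointer, MSS option.
ORIGINAL = build("198.51.100.7", "192.0.2.10", 40000, 80, b"GET / HTTP/1.0\r\n\r\n",
                 ttl=3, ident=0xBEEF, tos=0x1C, tcp_opts=b"\x02\x04\x05\xb4",
                 urg=5, flags=0x38)
REGENERATED = regenerate(ORIGINAL, "192.0.2.1", 50000)

if __name__ == "__main__":
    print(changed_fields(ORIGINAL, REGENERATED))
```

The unusual header values never reach the internal server, which is the advantage; the same loss means logging or fingerprinting done behind the firewall no longer sees the sender's TTL, IP ID, TOS or TCP options.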



