Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: Matthew Hannigan <mlh () zip com au>
Date: Thu, 15 Nov 2007 11:42:18 +1100
On Wed, Nov 14, 2007 at 02:58:37PM +1100, Kelly Robinson wrote:
Some firewalls, after receiving a packet, generate a new packet and populate it with data from the original, rather than forwarding the same packet that was received. What are the advantages and disadvantages of this approach? And does anyone have any examples of any firewalls that do this on the market?
I guess all proxying fireawalls like the original fwtk do this. Advantage: Your firewall is more trusted not to do funky stuff that might upset internal servers. Directly concomitant disadvantage: The packet may not be an entirely faithful version of the original (besides the obvious source addr/port) _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewalls that generate new packets.. Kelly Robinson (Nov 14)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 17)
- Re: Firewalls that generate new packets.. John Adams (Nov 17)
- Re: Firewalls that generate new packets.. Matthew Hannigan (Nov 17)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 17)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 19)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 17)
- Re: Firewalls that generate new packets.. Paul Melson (Nov 17)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 19)
- Re: Firewalls that generate new packets.. Timothy Shea (Nov 19)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 21)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 23)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 23)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 25)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 21)
- Re: Firewalls that generate new packets.. Paul Melson (Nov 23)