Firewall Wizards mailing list archives
Protocol inspection
From: Josh <usenetspamtrap () yahoo com>
Date: Fri, 28 Mar 2008 10:57:57 -0700 (PDT)
I have a question, that is hopefully approriate for this list, related to application inspection (whatever the vendors call it now). We recently had some problems with SQL injection, and I have been asked to look at whether our equipment can stop the attacks. My knowledge about the attack is that there isn't a generic way to block the traffic, since a firewall can't differentiate between valid post data (to a forum, for example) vs one that is an attempt to use injection. If this is the case, any vendor's protection will just amount to responses to know attacks, and I could just as easily create a filter on my own that stops some portion of attacks (since I know better what data my webservers expect). Is this a reasonable path to go down, or is there more functionality in vendor responses to and protection against SQL injection? Thanks, Josh ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Protocol inspection Josh (Mar 28)
- Re: Protocol inspection Darden, Patrick S. (Mar 31)
- Re: Protocol inspection Magosányi Árpád (Mar 31)
- Re: Protocol inspection Marcus J. Ranum (Mar 31)
- Re: Protocol inspection Brian Loe (Mar 31)
- Re: Protocol inspection Magosányi Árpád (Mar 31)
- Re: Protocol inspection Paul Melson (Mar 31)
- Re: Protocol inspection Darden, Patrick S. (Mar 31)