Re: Analyzing a Cisco firewalls connection table

[Carson Gaspar <carson () taltos org>]

Paul D. Robertson wrote:

> 2.  Why do people insist on archiving using rar instead of zip?  I can't 
> imagine letting a RAR file through a content filter, heck I don't even 
> like to allow .zips!

RAR has a much better compression ration than ZIP. And _anything_ has to 
be better as a file format than ZIP is. I've written a ZIP file 
validation tool for use in email attachment scanning, and it isn't 
pretty (the filename is in 2 places - which do you use?). There are at 
least 2 corner cases  where you can't reliably parse the ZIP file at all 
(Hint: _never_ put ZIP magic numbers inside comments if you want to get 
your data back...)

Of course I haven't looked at RAR's file format, so it's possible that 
it's even worse. But that would take effort...

--
Carson

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards