Re: flow_depth and WMF exploit

[Jason Haar <Jason.Haar () trimble co nz>]

Jason wrote:
> You need to use a proxy that can actually enforce this behavior, cache
> the results, and speed up the handling while providing content filtering.
>   
Ahhh! Welcome back application proxies!!! All is forgiven! Bad stateful
firewall - bad! ;-)

It is ironic. When I started out in this industry, application proxies
were the only real way to control Internet access. Then the firewall
industry convinced us that stateful firewalls (and I will include NIDS
in that as a related effect) could do everything they could - and at
wire speed.

And now here we are saying "network devices" can't do what's needed.
What will happen next - they return of vinyl ? ;-)

(now where did I keep my copy of fwtk?)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users