Vulnerability Development mailing list archives
Re: Information on Raptor
From: kos () BASTARD NET (kos)
Date: Wed, 1 Mar 2000 09:07:57 -0500
For what it's worth, I've been running Raptor 5 and 6 on Solaris 2.6 for a year. I don't think I've seen a more broken product:

o The gui has more bugs than I want to remember
o The firewall forgets rules, especially when groups of hosts are involved
o The machine panics repeatedly, classic ip filtering bug where the Solaris scheduler performs an unaligned memory access. No, it isn't the os.
o The implementation of packet filtering doesn't make sense, at least to me
o The http proxy coredumps when trying to calculate statistics, as of 6.02 patched
o The udp plug gateway (udp_gsp) has socket caching problems. It drops packets rather than dropping cache entries. PCAnywhere freezes it solid.
o dnsd (their own DNS implementation) doesn't check for spoofed replies and is unmanageable via the GUI (bugs) and command line (it uses /etc/hosts).
o The main Raptor process (gwcontrol) leaks memory. I'm forced to reboot once every two weeks (not for long; this product will be kicked out soon)
o Tons of undocumented options that you have to look for using strings. Like, how do you rule synchronize two Raptor boxes? How do you update your url white list via the command line?
o You can't define ranges of ports to be used in plug gateway fashion.
o No resiliency. I think Stonesoft now supports it, but it won't change my mind about the product.
o Vendor support is nonexistent for the above problems. They don't even know what a kernel core file is, let alone be able to examine it.

The fact is we're pushing the box hard in some cases, but that's no excuse. The iron it runs on can push quite a lot of packets/io.

I'm pretty certain they've shifted to mainly supporting NT, and bless them for that since the Unix market doesn't need such products.

Later,
Kos
--