> to discuss the difference between stateful inspection and application layer
> gateway, I didn't want to go too much into the details. Yes, for certain
> protocols like http, ftp, smtp FW-1 is able to inspect the packet through
> layer 7.
...and for any other protocol, should it be important enough to learn the
INSPECT language and write your own protocol engine.
> But this is not the behavior for general services. Because otherwise it
> would be very astonishing why FW-1 is so much faster than Raptor Eagle
> (application layer gateway).
Not astonishing at all, IMO... Considering that the FW-1 inspect engine
runs in Ring 0 and Raptor is running out in Ring 3, the speed difference
doesn't surprise me at all.
> For the majority of protocols I think it is a smart packet filter. Further
> I don't think FW-1 stops a connection if you start a telnet session on port
> 80 if you don't use the security server. In my opinion this was the
> original question.
Okay, I must have missed this. Why is somebody telnetting to port 80? Just
to verify a response from a web server? Why should it be blocked? I didn't
catch this at all...and I suppose it doesn't matter much, as I don't really
want to start any religious wars between stateful inspection and application
gateways.
I just couldn't help commenting, because it seems a lot of people think FW-1
doesn't inspect beyond layer 3, since its engine sits below that layer...and
some believe it to be nothing more than a traditional packet filter that
happens to keep track of open connections.