>>>>> "Rick" == Rick Murphy <[EMAIL PROTECTED]> writes:
Rick> Not easily done as far as I can tell - you would need to write a new
Rick> INSPECT script for FTP to make this work. I don't know if anyone has
Rick> managed to get this to work. (Checkpoint's response to this problem is that
Rick> the ftp-gw is violating the RFC, thus it's a non-problem as far as they're
Rick> concerned.)
If you'd care to quote chapter and verse to Checkpoint, you can locate the
section of the RFC that _recommends_ that data_port = control_port - 1. It
does not _require_ that to be so.
Checkpoint is making an _assumption_ and is violating the "liberal in what
you accept" principle, for no real security advantage.
--
Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body