On Wednesday, March 08, 2000 3:34 PM, John Adams [SMTP:[EMAIL PROTECTED]]
wrote:
> On Wed, 8 Mar 2000, Ng, Kenneth (US) wrote:
> 
> > You want the truth?  I caught one major firewall vendor in a big lie over
> > this one.  Their so called proxy was nothing more than a transparent
> > connection, yet when I asked them if I put a telnet daemon on another
> 
> Very few firewalls actually check that the protocol travelling over a
> particular port -really is- what the port is supposed to be used for.

If this is the case, and I am at least partly inclined to believe it, then
why do we have application proxy firewalls at all?  I could save a fortune
switching to CheckPoint or even a Cisco router with filtering.

Also, this is another plug for Open Source.  When I had the TIS, it came
with the source code, so I could see what it was doing, and several times I
really did go in and trace through the logic (I had to diagnose a problem: one
version of Microsoft IIS always assumed that a response would come back in
one packet.  If the packet got broken up into two packets, perfectly legit
TCP, IIS blew up).

