"Luff, Darryl" <[EMAIL PROTECTED]> wrote:
>
> A packet filter only works on port numbers. If you allow connections
> on port
> 80 through the firewall to your web server, the firewall will only
> check the
> source and destination IP addresses and port numbers, and allow the
> packet
> through. So if the packets have been intentionally fiddled with in
> some way
> the 'fiddled' packet will get to the server.
Wrong. Please read Aza's question more carefully. He asked about
"stateful" packet filters. They are much more powerful than regular
filters in they *do* look at packet contents as well as packet flags,
etc. I have left the relevant portion of Aza's message intact below
from your quotation of his message.
> > -----Original Message-----
> > From: Aza Goudriaan [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, April 13, 2000 5:01 PM
> > To: [EMAIL PROTECTED]
> > Subject: Packet Filtering vs. Proxy
> >
[ snip ]
> > 1. When reading abount packet filtering and proxies, everybody says
> that a
> > proxy gives more security than (stateful) packet filtering. Can you
> > explain
> > why?
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
