mouss wrote:
> 
> That said, I'm not completely ok with your args. While there will always
> be new ways to add new tags, it will always be possible to add fixes
> to the proxies to handle this. There are certainly some limitations, but
> the situation is quite better than with packet filters. And better is
> better.

Well, yes, but I'm concerned with the "false sense of security"
aspect of things. Most firewall "admins" will just click
the "strip scripts" checkbox and say "there, now I won't
have to worry about that anymore".

However, if you accept it for what it is, a feature that
will catch _some_ attacks and take away some of the workload
(or even give you early warning if someone triggers your
filters for more arcane variants), it isn't at all useless.

/Mike

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00         Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]