Hi,
Try to think in an Web Attack, where a attacker explore a vulnerability
in a Web Server and open a shell for execute commands. An application
gateway firewall can stop this kind of attack and this is something a
packet filter cannot do.
At
Marlon
----- Original Message -----
From: Fredy Santana <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 24, 2000 10:36 AM
Subject: Re(2): Poor practice of using a router as a firewall
> Hi Everybody:
>
> I had read the discussion and I thought: Well, Let's forget the
firewalls
> and let's start to use the IOS Firewall Feature Set in our routers, or
> simply use the ACL's to mantain our networks secure!! :-). This is
enough.
>
> Now seriously speaking, Does anyone knows a case of a router with
ACL's
> penetrated, and if this could be avoided with a traditional firewall
(like
> Gauntet, Firewall-1 or Sonicwall)
>
> Regards from Chile
>
>
>
> [EMAIL PROTECTED] writes:
> >
> >
> >Peter Bruderer wrote:
> >>
> >> As soon as you let traffic pass your firewall from the outside
> >> to the inside even if it is just one single service, it does not
> >> matter what kind of firewall you have. The firewall can just
> >> reduce the number of ports you are allowed to connect to. But if
> >> the server you are connecting to is vulnerable on the
> >> application layer, the firewall cannot stop an attacker.
> >
> >Unless the firewall manages to catch the application layer attack,
> >that is :) No, really, I agree; application layer filtering
> >is tricky business and noone comes even remotely close to being
> >good at it these days with the plethora of protocols and
> >increasing complexity in HTTP & co.
> >
> >
> >--
> >Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
> >Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
> >Mobile: +46-(0)70-66 77 636
> >WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
>
>
> Saludos
> Fredy R. Santana V.
> Ingeniero Civil El�ctrico
> Orion 2000 - Servicios Profesionales en Seguridad Inform�tica
> La Concepcion 322 piso 12, Providencia.
> Fono: 6403944 - [EMAIL PROTECTED]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
