On Wed, Jul 26, 2000 at 03:27:31PM -0400, Chris Brenton wrote:
> Patrick Darden wrote:
> >
> > Ben, we disagree on our definition of stateful. RACLs do not store
> > session information (e.g. tcp sequence numbers),
>
> If this was true than most stateful packet filters would not be. Just
> did a dump on FW-1 & iptables, don't see sequence numbers stored in
> either.
How can Fw1 reconstruct texts over IP Boundaries if they dont keep track of
the Sequence number? Does this mean that the statefull inspection is not
only limited by goofy inspection scripts (asume the PORT command at the
start of the IP PAcket) but also by the Architecture of the Firewall?
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
