At 02:01 10/09/00 -0700, Aaron Schultz wrote:
>Some of the commercial products, such as Computer Associates' E-trust
>suite claim that they can watch for what is "regular" traffic and notice
>based on that, when something is out of the ordinary.  I've even heard of
>people using their products to evaluate trends to estimate when their next
>e-mail will be delivered.
>
>Besides watching for trends, some of the commercial firewalls perform the
>network-based detection of possible attack packets and stop them rather
>than simply "watching the network" and paging someone about attacks.

I've yet to see design documents that explain what exactly they do. It is
an old habit of marketing departments to find "nice" phrases to explain the
would-be revolutionary features of their products. On the other hand,
developers of IPChains, IPfilters and the like (ipfw, iptables, ....) are
volunteers who have no money to give for marketing blahblah.

In my opinion, the available open source packet filters are comparable to
what commercial firewalls provide. They are even superior to many of the
commercial FWs' filters.

"Watching for regular stuff" is more an issue for IDS than for the filters.
Indeed, either the implementation is light and is thus really insufficient,
or it is "complete" and consumes too many resources, which makes it unusable
on a FW (if you spend your time checking your numerous patterns, your packet
queue is gonna stay full...).

That's my opinion...


regards,
mouss


