On Thu, Nov 30, 2000 at 09:37:10PM -0500, Bill Royds wrote:
> Since FW-1 uses stateful packet inspection rather than application proxies
> (mostly), it should be easier to examine.
nope, it is quite complicated to verify kernel ode interrupt handlers with
al kind of concrrency problems and undefined protection from the os.
It is much more easy to verify a 10 line user mode program which uses normal
socket operations. Take a look at the old FWTK Papers on that Topic. Of
course this asumes you trust the OS.
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
