On Wed, 24 Jan 2001, Bernd Eckenfels wrote:
> On Tue, Jan 23, 2001 at 12:49:39PM -0600, Ron DuFresne wrote:
> > To what degree though is the packet inspection?
>
> You can script it. The degree is much lesser than checkpoint is claiming
> (proofed by ICMP statelessness, by FTP Port Attacks and so on).
>
> It is actually in the default scripots not very secure (remeber the
> mime/outlook buffer overrun, of course not trapped by statefull inspection).
> So the question is, if one needs more than just "peeking" into the
> protocols. And if yes, if a transparent application proxy isnt the better
> idea.
Undertood, and agreed, yet, what about proxies? They are not all the
same, and there is question to which are better and why? What do the
better end proxies do over the rest of the pack?
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
