"Paul D. Robertson" wrote:
>
> The salient point was "applications don't automatically become immune"- to
> my mind, Telnet and FTP are designed with URG data in mind, so sending
> them URG data at the appropriate place in the protocol isn't really a big
> deal. Sending or stripping URG data based on port is only somewhat
> equivalent.

Ah, faithful to the topic, eh? :)

I was more on the line of "the problems of URG in general", but mkay:

- I install unusual app X that your proxy firewall of choice
  has zero support for.
- I set up a plug to it.
- You don't get to whine about plug-gw being a circuit relay
  rather than a "true" (hehe :)) proxy.

Or, better yet:

- I install an FTP server from a vendor that cares more about 32K color
  icons and drag-and-drop than RFCs and "that weird fourth parameter
  to select()".
- I allow the world to connect to the server through an FTP ALG.

I believe my point is valid, as stated. (The first one at least for
proxy firewalls that have a plug-gw that relays urgent data. But of
this I know little. If you know more, I'm listening.)

Now for the meatier subthreads.
(Dzang, this topic is splitting off into more branches than the
linux kernel)

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
For bored sysadmins: http://lart.badf00d.org
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls