On Wed, 28 Jun 2000, Jason Witty wrote:
: According to my sources at Check Point, 4.1 SP1 does support the
: stateful inspection of TRACEROUTE, but they are unsure as to whether
And what exactly does it mean to support stateful inspection of
traceroute? I need to understand the security ramifications of opening
some kind of access, which means I need to know exactly how that access
is mediated. cp doesn't want to provide that information.
This is a problem with fw-1, and has been for several years (from day 1
maybe). They handwave stateful inspection, without providing
implementation details. It's gotten much worse recently as the product
becomes more bloated.
: standard echo-request\echo-reply pairing is truly stateful. They should
What is truly stateful?
: be getting back with me in the next week or so with verification on
: that. If it isn't, I've put in a request (on behalf of several large
: CHKP customers) to make it so. I'll let everyone know when I hear
: something back. Hope this helps (at least a little)...
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
