Actually, that would probably qualify as a packet filtering firewall, although perhaps a very simple one. It's actually a good first step to set up your border router (if you control it) in just that fashion.
Indeed, almost any Cisco router (not the 2500 series, but most others) has an optional firewalling package available. As I stated at the beginning of my message, a firewall is potentially a collection of hardware and software, not necessarily a single piece of dedicated equipment.

| -----Original Message-----
| From: Paul Neiberman [mailto:[EMAIL PROTECTED]]
| Sent: Friday, May 03, 2002 17:40
| To: [EMAIL PROTECTED]
| Cc: [EMAIL PROTECTED]
| Subject: RE: Nat versus stateful inspection
|
| >The shortcoming of a packet filtering firewall is that it doesn't
| >understand the protocol(s) involved in the conversation, so that if
| >someone is abusing it (too many telnet logins, malformed application
| >headers such as overlong SMTP commands, etc.), it can't know that, and
| >it can't protect you against that kind of threat.
|
| mmm,
| with that in mind, what would I call an access-list on a router? (since
| these are 'packet/or/frame-filtering policies' and can 'understand/filter
| protocol/or/ToS fields' in packet/or/frame headers.)
