Firewall Wizards mailing list archives

Re: Important Comments re: INtrusion Detection


From: tqbf () secnet com
Date: Thu, 19 Feb 1998 13:35:50 -0600 (CST)

Erm, why is this true? Presumably the firewall (or the final gateway in a
firewall complex) has a connection to "the network" (unless it is Perfect),
and hence, can sniff it.

Because the whole reason you'd deploy a proxy rather than a passive system
is that "sniffing" does not allow you to reliably reconstruct sessions,
while a proxy does. 

-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                           "mmm... sacrilicious"


