Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Proxy 2.0 secure? (AG vs. SPF)

From: tqbf () pobox com
Date: Wed, 8 Jul 1998 21:16:06 -0500 (CDT)
I claim that any IP handling software that isn't part
of the OS, and hence isn't usable by the OS is
a type of SPF.


This definition is so vague as to be practically useless. SPF stands
for "stateful packet filter". An SPF is a type of packet filter. A packet
filter is a very well-defined networking component. It takes as input a
packet, and, apart from side effects, outputs a classification for the
packet (normally "accept" or "reject"). Stateful packet filters simply
augment this decision with knowledge of the context of each packet.

Anything that doesn't fit this definition isn't a packet filter, no matter
how badly you want "SPF firewalls" to work.

-----------------------------------------------------------------------------
Thomas H. Ptacek                           SNI Labs, Network Associates, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf       "If you're so special, why aren't you dead?"
Previous By Date Next
Previous By Thread Next

Current thread: