Re: Update on the "Multiple Firewalls FTP PASV" vulnerability

[dwelch () uswestmail net]

On Fri, 03 March 2000, Mikael Olsson wrote:

> ... speaking of which... shouldn't firewalls that look at the application
> layer packet by packet instead be claiming "Application Layer Inspectors"
> or "Appliction Layer Filters" rather than "Application Layer Gateways"... ?

I tend to associate the term "application layer gateway" with an actual proxy. FireWall-1 does have these proxies for 
FTP, HTTP, telnet, and rlogin. However, unless you are doing User Authentication or Content Security on FireWall-1, 
these are not used. FireWall-1 is kind of a hybrid in this respect.

-- PhoneBoy

--
Dameon D. Welch, a.k.a. PhoneBoy (dwelch () phoneboy com)
Check Point FireWall-1 FAQs at http://www.phoneboy.com/fw1/
The views expressed herein are not necessarily those of anyone else.
--
Signup for your free USWEST.mail Email account http://www.uswestmail.net