Firewall Wizards mailing list archives
Re: Layer 3-7 Firewall.
From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 20 Mar 2003 08:54:17 +1100 (EST)
In some email I received from Magos?nyi ?rp?d, sie wrote: [ Charset iso-8859-2 unsupported, converting... ]
A levelez_m azt hiszi, hogy George J. Jahchan a k_vetkez_eket _rta:Is there a SPI firewall out there that is application-layer protocol aware?Doing stateful inspection up from packet level to application level is just not feasible. The problem is that the state space explodes in an unmanageable scale. (I will not comment on useability of stateful packet filtering routers now, which is one of my favourite flame war topics).
The state space does not have to explode in any greater manner than it does for a normal application proxy. It is however harder to program and get right unless you're prepared to use up some significant resources - but perhaps not any more significant than real proxies, anyway. btw, do you have any formal relationship with that product you mentioned ? Darren _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Layer 3-7 Firewall. George J. Jahchan (Mar 19)
- RE: Layer 3-7 Firewall. Ben Nagy (Mar 19)
- Re: Layer 3-7 Firewall. Magosányi Árpád (Mar 19)
- Re: Layer 3-7 Firewall. Darren Reed (Mar 19)
- <Possible follow-ups>
- Re: RE: Layer 3-7 Firewall. broyds (Mar 19)
- RE: Layer 3-7 Firewall. Stiennon,Richard (Mar 20)
- RE: Layer 3-7 Firewall. George J. Jahchan (Mar 20)