Firewall Wizards mailing list archives
Re: Firewalls that generate new packets..
From: ArkanoiD <ark () eltex net>
Date: Sat, 17 Nov 2007 21:08:21 +0300
As another blatant advertisement, my http logs indicate that some people still downoad OpenFWTK snapshots from milliways.chance.ru/~ark , though i explicitly stated that those are outdated. Referrer field is often firewall-wizards archive. Please do not, openfwtk home is http://www.sourceforge.net/projects/openfwtk ! On Sat, Nov 17, 2007 at 10:05:34AM -0500, Dave Piscitello wrote:
Commercial examples include Watchguard FireboxX and Secure Computing Sidewinder. The original firewall toolkit evolved into one of my favorite firewalls, the TIS Gauntlet. Network Associates bought TIS, then NAI sold the Gauntlet to Secure Computing, who I believe offered the Gauntlet on Solaris but has phased out the product. Sad, I really loved running Gauntlet on BSD. Matthew Hannigan wrote:On Wed, Nov 14, 2007 at 02:58:37PM +1100, Kelly Robinson wrote:Some firewalls, after receiving a packet, generate a new packet and populate it with data from the original, rather than forwarding the same packet that was received. What are the advantages and disadvantages of this approach? And does anyone have any examples of any firewalls that do this on the market?I guess all proxying fireawalls like the original fwtk do this. Advantage: Your firewall is more trusted not to do funky stuff that might upset internal servers. Directly concomitant disadvantage: The packet may not be an entirely faithful version of the original (besides the obvious source addr/port) _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizardsemail protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewalls that generate new packets.. Kelly Robinson (Nov 14)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 17)
- Re: Firewalls that generate new packets.. John Adams (Nov 17)
- Re: Firewalls that generate new packets.. Matthew Hannigan (Nov 17)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 17)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 19)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 17)
- Re: Firewalls that generate new packets.. Paul Melson (Nov 17)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 19)
- Re: Firewalls that generate new packets.. Timothy Shea (Nov 19)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 21)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 23)
- Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 23)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 25)
- Re: Firewalls that generate new packets.. ArkanoiD (Nov 21)
- Re: Firewalls that generate new packets.. Paul Melson (Nov 23)
- Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 23)
- Re: Firewalls that generate new packets.. Dave Piscitello (Nov 23)