Subject: Re: Simple Pimple firewalls
From: Marcus J. Ranum (mjrnfr.com)
Date: Mon Dec 04 2000 - 18:58:46 CST


"Roy G. Culley" <tgdcuro1gd2.swissptt.ch> writes:
>What about normal ftp (not PASV), IIOP, net-meeting, sun-rpc, etc?
>Keeping state is necessary if you are to have any chance of allowing
>these without opening up huge holes in your firewall.

If you're allowing those, you've opened up huge holes
in your firewall by virtue of the fact that you're allowing
them. Stateful inspection versus non-stateful inspection
is a non-issue if the protocols you're letting back and
forth are more toxic than a fistful of Ebola.

mjr.

---
Marcus J. Ranum, Chief Technology Officer, NFR Security, Inc.
Work:	http://www.nfr.com
Play: http://www.ranum.com
