Re: Firewall comparison in Data Communications
Steven M. Bellovin (smb@research.att.com)
Thu, 03 Jun 1999 07:44:58 -0400
In message <19990601142700.A10893@progressive-systems.com>, "Ge' Weijers" writes:
>
> The bugs in the host O/S are still relevant, if they can be exploited
> using packets that look valid to the firewall. Some exploits use
> syntactically valid packets, and a packet-at-a-time firewall may not
> protect you against that if you allow incoming traffic to
Right. More fundamentally, firewalls can't protect you against bugs at
a higher level of the protocol stack. An IP+port number firewall (i.e.,
a typical packet filter) is blind to TCP holes. For that matter, it's
blind to attacks based on other portions of the IP packet that it doesn't
look at -- 'ping of death' comes to mind.
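
The blind spot described in the message above, as an added example that is not part of the original post: a filter that decides on address, protocol and port accepts a fragment whose offset and length would reassemble past the 65535-byte IPv4 limit, while a check on the fragment fields flags it. The rule set, function names and sample headers are hypothetical and constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # largest IPv4 datagram: Total Length is a 16-bit field

def build_header(proto, payload_len, frag_units, dst="198.51.100.5"):
    """Constructed 20-byte IPv4 header (checksum left 0) for offline sample input."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       frag_units & 0x1FFF, 64, proto, 0,
                       addr("192.0.2.10"), addr(dst))

def parse_header(raw):
    """Extract the IPv4 header fields used by the two checks below."""
    vihl, _, total_len, _, flags_frag, _, proto, _, _, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    return {
        "ihl": (vihl & 0x0F) * 4,
        "total_len": total_len,
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "proto": proto,
        "dst": ".".join(str(b) for b in dst),
    }

# Hypothetical rule set: (destination address, IP protocol, destination port or None)
ALLOW = {("198.51.100.5", 1, None), ("198.51.100.5", 6, 143)}

def addr_port_filter(raw):
    """Packet-at-a-time decision on address, protocol and port only."""
    h = parse_header(raw)
    port = None
    # Ports exist only in the first fragment of a TCP/UDP datagram.
    if h["proto"] in (6, 17) and h["frag_offset"] == 0 and len(raw) >= h["ihl"] + 4:
        port = struct.unpack("!H", raw[h["ihl"] + 2:h["ihl"] + 4])[0]
    return (h["dst"], h["proto"], port) in ALLOW

def oversize_on_reassembly(raw):
    """True if this fragment would extend the reassembled datagram past 65535 bytes."""
    h = parse_header(raw)
    payload = h["total_len"] - h["ihl"]
    return h["ihl"] + h["frag_offset"] + payload > MAX_DATAGRAM

# Constructed samples: an ordinary ICMP echo and a trailing fragment at offset 65512.
NORMAL_ECHO = build_header(1, 64, 0) + bytes(64)
OVERSIZE_FRAG = build_header(1, 100, 8189) + bytes(100)

if __name__ == "__main__":
    for name, pkt in (("normal echo", NORMAL_ECHO), ("oversize fragment", OVERSIZE_FRAG)):
        print(name, "filter allows:", addr_port_filter(pkt),
              "oversize:", oversize_on_reassembly(pkt))
```
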
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT