Search This Blog

Saturday, July 26, 2014

firewall-wizards Digest, Vol 70, Issue 7

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Interesting infographic on the history of firewalls
(Carson Gaspar)
2. Re: Interesting infographic on the history of firewalls
(Claudio Telmon)
3. Re: Interesting infographic on the history of firewalls
(Timothy Shea)
4. Re: Interesting infographic on the history of firewalls
(Mike Barkett)
5. Re: Interesting infographic on the history of firewalls
(Jeremiah Cornelius)
6. Re: Interesting infographic on the history of firewalls
(lordchariot@embarqmail.com)
7. Re: Interesting infographic on the history of firewalls
(?rp?d Magos?nyi)
8. Re: Interesting infographic on the history of firewalls
(Marcus J. Ranum)


----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Jul 2014 15:52:18 -0700
From: Carson Gaspar <carson@taltos.org>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <53D2DFA2.10302@taltos.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 7/24/14, 1:37 PM, Dotzero wrote:
> http://www.net-security.org/images/articles/infographic-history-firewall-general.jpg
>
> Accurate? Inaccurate? Thoughts.

"Native Clustering" in 2009 looks wrong to me. Multicast state-sharing
existed as far back as 2001, I think. But my memory is notoriously bad
on dates...

--
Carson




------------------------------

Message: 2
Date: Fri, 25 Jul 2014 09:09:39 +0200
From: Claudio Telmon <claudio@telmon.org>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <53D202B3.40903@telmon.org>
Content-Type: text/plain; charset=ISO-8859-1

On 07/24/2014 10:37 PM, Dotzero wrote:
> http://www.net-security.org/images/articles/infographic-history-firewall-general.jpg
>
> Accurate? Inaccurate? Thoughts.


At least the reference to DoS in year 2000 is wrong. DoS were known at
the system level (e.g. excessive memory consumption by local processes)
long before 2000. Mitnick used the SYN flood at least in 1994. Even
Smurf, which is usually classified as a DDoS, was known long before 2000.

IDS are not firewalls :)

The fist firewall evasion techniques I'm aware of are:
- SYN packet fragmentation in order to fool packet filtering
routers/firewalls
- setting the TTL in legitimate packets in order to map the network
behind a firewall.
Both were known long before 2006

Regards,

- Claudio

--

Claudio Telmon
claudio@telmon.org
http://www.telmon.org


------------------------------

Message: 3
Date: Sat, 26 Jul 2014 07:25:47 -0700
From: Timothy Shea <tim@tshea.net>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CAHxuY50UOGSf2-3Sz8eQaNp907A7f_gmFvrRnj25Rz1y0mCLRg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

I agree - we were doing that in 2002. At best this list is very odd.

"Gartner starts Next Generation Firewall discussion" is meaningless (like
if Gartner somehow was driving the feature sets of modern firewalls) and I
have no idea what "Software enabled security introduced making blade
technology obsolete" even means.


On Fri, Jul 25, 2014 at 3:52 PM, Carson Gaspar <carson@taltos.org> wrote:

> On 7/24/14, 1:37 PM, Dotzero wrote:
>
>> http://www.net-security.org/images/articles/infographic-
>> history-firewall-general.jpg
>>
>> Accurate? Inaccurate? Thoughts.
>>
>
> "Native Clustering" in 2009 looks wrong to me. Multicast state-sharing
> existed as far back as 2001, I think. But my memory is notoriously bad on
> dates...
>
> --
> Carson
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>



--
Tim Shea, CISSP, ISSAP, CISM
442-400-9096
tim@tshea.net

http://www.linkedin.com/in/timothyshea
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20140726/c007d0e0/attachment-0001.html>

------------------------------

Message: 4
Date: Fri, 25 Jul 2014 16:33:58 +0000
From: Mike Barkett <mbarkett@checkpoint.com>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: "firewall-wizards@listserv.cybertrust.com"
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<94FA8BB69A7D1248979A21F1B5D0D135BE4541@US-EX10MA.ad.checkpoint.com>
Content-Type: text/plain; charset="us-ascii"

Off the top of my head:

- NFR IDS and Wheel Group/NetRanger sensors existed before Snort, among others.
- Many DoS attacks existed before 2000.
- What does "making blade technology obsolete" mean?
- I chuckled at "invisible wall."

Not entirely inaccurate, though they seem to have employed some selective history to make things simpler. It's a marketing graphic, so it'll serve its purpose.

-MAB

-----Original Message-----

Date: Thu, 24 Jul 2014 16:37:27 -0400
From: Dotzero <dotzero@gmail.com>
Subject: [fw-wiz] Interesting infographic on the history of firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CAJ4XoYdL4oQtuUz61LJn7N5QMH-y-Rf-zD+1tcC6Y_QCsxLt6g@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

http://www.net-security.org/images/articles/infographic-history-firewall-general.jpg

Accurate? Inaccurate? Thoughts.

Mike




------------------------------

Message: 5
Date: Fri, 25 Jul 2014 10:24:06 -0700
From: Jeremiah Cornelius <jeremiah@nur.net>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <53D292B6.2090308@nur.net>
Content-Type: text/plain; charset=windows-1252

Given the loose standards for nutshell infographics? It's good. I
wouldn't base a University course on this. :-)

Dates are a little rough. Teardrop/Land DoS were about 1998.

The DEC Seal and TIS are important, and CP-FW1 was the first commercial
success with stateful packet filtering.

http://www.darkreading.com/who-invented-the-firewall/d/d-id/1129238

On 7/24/14 1:37 PM, Dotzero wrote:
> http://www.net-security.org/images/articles/infographic-history-firewall-general.jpg
>
> Accurate? Inaccurate? Thoughts.
>
> Mike
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




------------------------------

Message: 6
Date: Fri, 25 Jul 2014 09:10:11 -0400
From: <lordchariot@embarqmail.com>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <000001cfa809$c52c98c0$4f85ca40$@embarqmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Marketing.
Considering that they now own all the Sidewinder, Cyberguard, Gauntlet,
StoneSoft and SnapGear intellectual property.

??
-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Dotzero
Sent: Thursday, July 24, 2014 4:37 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Interesting infographic on the history of firewalls

http://www.net-security.org/images/articles/infographic-history-firewall-gen
eral.jpg

Accurate? Inaccurate? Thoughts.

Mike
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



------------------------------

Message: 7
Date: Fri, 25 Jul 2014 07:52:50 +0200
From: ?rp?d Magos?nyi <mag@magwas.rulez.org>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <53D1F0B2.2000800@magwas.rulez.org>
Content-Type: text/plain; charset=ISO-8859-1

On 07/24/2014 10:37 PM, Dotzero wrote:
> http://www.net-security.org/images/articles/infographic-history-firewall-general.jpg
>
> Accurate? Inaccurate? Thoughts.

Marketing bullshit.

"Software defined security". I don't know what technology does it
actually refer to, and don't know what the marketing guys coming out
with this smoking, but It should be some very good stuff. Being happy
for the most basic truths of life, and being able to say it out loud in
the possibly most inappropriate context, this is awesome.

And nothing actually relevant. The name fwtk, the first cryptographic
proxy, the invention of the buzzword stateful packet filtering, the year
when MJR left the industry. These are all missing.



------------------------------

Message: 8
Date: Thu, 24 Jul 2014 23:27:54 -0400
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: Re: [fw-wiz] Interesting infographic on the history of
firewalls
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <53D1CEBA.9020907@ranum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Dotzero wrote:
> http://www.net-security.org/images/articles/infographic-history-firewall-general.jpg

Not bad! The only part that made me go, "scrrrrrrrrrrreeeeeeee... wait!" was
the "firewall is an invisible wall"
Um, no, the only firewall that's 'invisible' is called a "switch" ...

Oh, and the first DOS attack was not discovered in 2000. It was far
earlier than
that. I'm not sure when, though. I was party to discussions regarding
'testing'
IP stacks with fuzzed packets in 1990 or thereabouts... At the very
least, jsz's
stack-jamming trick (multiple TCP half-open connections overloading queue)
was used by Mitnick on Tsutomu's machine in 1994. So the 2000 figure is at
least 6 years off, probably more like 16.

mjr.
--
Marcus J. Ranum, CSO, Tenable Network Security, inc. http://www.tenable.com


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 70, Issue 7
***********************************************
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)