Sunday, November 18, 2007

firewall-wizards Digest, Vol 19, Issue 13

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Firewalls that generate new packets.. (Dave Piscitello)


----------------------------------------------------------------------

Message: 1
Date: Sat, 17 Nov 2007 10:05:34 -0500
From: Dave Piscitello <dave@corecom.com>
Subject: Re: [fw-wiz] Firewalls that generate new packets..
To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Message-ID: <473F033E.1050204@corecom.com>
Content-Type: text/plain; charset="iso-8859-1"

The archives of this list contain several threads that go into detail
about the pros and cons of stateful traffic inspection versus proxy or
"read-rewrite" firewalls.

Few firewalls today are exclusively one or the other. The archives
have lots of opinions over which is better, but I think that's a moot
issue at this point in firewall evolution.

Some of the things I like about SMTP proxies in particular are that they
allow you to rewrite header fields to normalize SMTP headers, i.e.,
every piece of mail can be made to look like it came from one server and
you can strip all but the mail headers you want to disclose before mail
exits, etc.

Commercial examples include Watchguard FireboxX and Secure Computing
Sidewinder. The original firewall toolkit evolved into one of my
favorite firewalls, the TIS Gauntlet. Network Associates bought TIS,
then NAI sold the Gauntlet to Secure Computing, who I believe offered
the Gauntlet on Solaris but has phased out the product. Sad, I really
loved running Gauntlet on BSD.

Matthew Hannigan wrote:
> On Wed, Nov 14, 2007 at 02:58:37PM +1100, Kelly Robinson wrote:
>> Some firewalls, after receiving a packet, generate a new packet and populate
>> it with data from the original, rather than forwarding the same packet that
>> was received. What are the advantages and disadvantages of this approach?
>> And does anyone have any examples of any firewalls that do this on the
>> market?
>
> I guess all proxying firewalls like the original fwtk do this.
>
> Advantage:
>
> Your firewall is more trusted not to do funky stuff
> that might upset internal servers.
>
> Directly concomitant disadvantage:
>
> The packet may not be an entirely faithful
> version of the original (besides the obvious
> source addr/port)
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

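The header normalization Dave describes (rebuild the message, keep only the headers you choose to disclose, make everything look like it left one server) and the faithfulness trade-off Matthew raises, as an added example in Python; this is not code from the thread or from any product named in it, and the gateway name, the `DISCLOSABLE` allowlist and the sample message are constructed for the illustration:

```python
"""Added example: the "read-rewrite" step of an outbound SMTP proxy.
Rather than relaying the original bytes, the proxy parses the message and
generates a new one carrying only an allowlist of headers, so relay path,
client software and internal addresses are not disclosed. Single-part
text messages only; names and sample data are constructed."""
from email import message_from_string, policy
from email.message import EmailMessage

# Headers permitted to leave the network. Anything else (Received:,
# X-Mailer:, X-Originating-IP:, User-Agent:, ...) is dropped. Content-*
# headers are regenerated by set_content() rather than copied.
DISCLOSABLE = ("from", "to", "cc", "date", "subject", "message-id",
               "mime-version")

# Constructed sample: a message as it might arrive from an internal client.
SAMPLE = """\
Received: from desk17.corp.internal (10.3.4.17) by hub.corp.internal
From: alice@example.com
To: bob@example.net
Subject: quarterly numbers
Date: Mon, 12 Nov 2007 09:15:00 -0500
X-Mailer: InternalMailer 2.1
X-Originating-IP: 10.3.4.17

Figures attached next week.
"""

def normalize_outbound(raw: str, gateway: str = "mail.example.com") -> EmailMessage:
    """Return a freshly built message with only allowlisted headers plus a
    single uniform Received: line naming the gateway as the visible origin."""
    original = message_from_string(raw, policy=policy.default)
    rebuilt = EmailMessage()
    for name, value in original.items():
        if name.lower() in DISCLOSABLE:
            rebuilt[name] = str(value)
    # Every message now appears to come from one server: the gateway.
    rebuilt["Received"] = f"by {gateway} (outbound proxy)"
    rebuilt.set_content(original.get_content())   # body re-encoded, not copied
    return rebuilt

def dropped_headers(raw: str) -> list[str]:
    """Header names the rewrite removes: what the proxy hides from the
    recipient, and also what the recipient can no longer verify."""
    original = message_from_string(raw, policy=policy.default)
    return sorted({n for n in original.keys() if n.lower() not in DISCLOSABLE})
```

Running `dropped_headers(SAMPLE)` lists exactly the trace and client headers the regenerated message no longer carries, which is the "not entirely faithful" cost of the approach.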

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 19, Issue 13
************************************************