On Wed, 26 May 1999 06:11:46 +0200, Peter Bruderer
<[EMAIL PROTECTED]> wrote:
>
>It is very easy to let any protocol through most firewalls. But does the
>protocol which itself is dangerous become less dangerous through that fact?
>
>If you open everything what your users screem for than you do not really
>need a firewall.
>
I agree, but that wasn't the intended point of my message. I was trying to
point out that when the firewall vendors say "we support whiz-bang protocol
XYZ", for the most part what they've done is just preconfigure a plug-through
proxy, which is no better than a packet filter. I'm not making any
assessment on whether or not this is a good idea. YMMV, depending on your
needs.
I was actually going to write a much longer follow up, but I see that Marcus
Ranum has posted a far more elequent response than what I could do, so I'll
just say please read his note.
-Larry
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
