On Wed, 26 May 1999, Larry Claman wrote:
> I agree, but that wasn't the intended point of my message. I was trying to
> point out that when the firewall vendors say "we support whiz-bang protocol
> XYZ", for the most part what they've done is just preconfigure a plug-through
> proxy, which is no better than a packet filter.
A plug-through proxy _is_ better than a packet filter because the end
system "sees" a clean TCP stream written by the proxy. This reduces the
risk of low-level attacks.
Rudi
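
The distinction drawn in the reply above, as an added example that is not part of the original message: a minimal one-direction plug-through relay on loopback, showing that the end system's TCP peer is the proxy's own socket while the payload bytes pass through unchanged. All names (`run_demo`, `_listener`, `_drain`), the loopback addresses and the sample chunks are constructed for illustration.

```python
import socket
import threading

def _listener():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))          # loopback, ephemeral port (constructed setup)
    s.listen(1)
    return s

def _drain(conn):
    buf = b""
    while chunk := conn.recv(4096):
        buf += chunk
    return buf

def run_demo(chunks):
    """Send chunks client -> plug proxy -> backend; report what each side saw."""
    seen = {}
    backend, proxy = _listener(), _listener()

    def backend_side():
        conn, peer = backend.accept()
        with conn:
            seen["backend_peer"] = peer            # who the end system talks to
            seen["backend_data"] = _drain(conn)

    def proxy_side():
        conn, peer = proxy.accept()                # client's TCP connection ends here
        seen["proxy_peer"] = peer
        # Second, independent connection: every segment the backend receives
        # is built by the proxy host's own TCP stack, not by the client.
        with conn, socket.create_connection(backend.getsockname()) as up:
            seen["proxy_upstream_addr"] = up.getsockname()
            while data := conn.recv(4096):         # stream reassembled by the kernel
                up.sendall(data)                   # payload copied, not inspected

    threads = [threading.Thread(target=f, daemon=True) for f in (backend_side, proxy_side)]
    for t in threads:
        t.start()
    with socket.create_connection(proxy.getsockname()) as client:
        seen["client_addr"] = client.getsockname()
        for c in chunks:                           # deliberately odd-sized writes
            client.sendall(c)
    for t in threads:
        t.join(timeout=5)
    backend.close(); proxy.close()
    return seen

if __name__ == "__main__":
    print(run_demo([b"G", b"ET / HT", b"TP/1.0\r\n\r\n"]))
```

The backend's peer address matches the proxy's upstream socket, not the client's, and the application bytes arrive unmodified, which is the sense in which the relay cleans the transport layer without examining the protocol carried over it.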