> Another question.. I use ipfilter. One thing that I'm told about
> commercial firewalls is that stateful inspection will make sure that it
> is indeed HTTP traffic going over port 80 rather than something else
> (and similar for other ports/protocols).
>
No, stateful inspection, at least as Checkpoint introduced the name, means
that not only packets are inspected, but connections. It is done by storing the
information of a connection in several tables on the firewall. If a SYN/TCP
packet arrives, the packet is inspected and compared to the policy. If the
packet is allowed, an entry for this connection is made in the table. The
following packets for this connection are accepted without full inspection of
the packet. Thus it is not possible to send manipulated packets through the
firewall stating that they belong to already established connections. But this
is all done between layer 2 and 3 of the TCP/IP model. Thus the packets
usually don't reach layer 4 where their content could be inspected.
If you want to inspect the content of the packet, you have to search for an
application layer gateway like, for example, Gauntlet or Raptor Eagle.
Best regards
Heiko Ploehn
> Can this behaviour be simulated with ipfilter and ipnat using
> transparent proxies?
>
> Thanks,
> Jason
>
> On Wed, Dec 01, 1999 at 02:36:54PM +0100, [EMAIL PROTECTED] wrote:
> > At 11:40 01.12.99 +0800, Zheng Bokui wrote:
> > >Dear gurus,
> > >
> > >Is Darren Reed's IPFILTER a good tool compared with commercial firewalls like
> > >Checkpoint FIREWALL-1 or CISCO PIX?
> > >
> > >Of course commercial ones provide more features. What I'm most concerned about is
> > >security: Can I build a secure firewall with IPFILTER?
> > >
> > >
> > >TIA,
> > >Bokui
> > >
> > >-
> > >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> > >"unsubscribe firewalls" in the body of the message.]
> > >
> > >
> > yes IPFILTER is a good tool
> >
>
--
Dr. Heiko Ploehn AM Professional Services GmbH
Tel.: +49 89 64916339 Geschwister-Scholl-Str. 4
Fax.: +49 89 6411636 82031 Gruenwald
email [EMAIL PROTECTED]
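
The connection table described in the reply above, as an added sketch that is not part of the original thread and is not ipfilter or FireWall-1 code. The class, the port-80 policy and the addresses are constructed for illustration; the point is that the table decides on addresses, ports and flags only, so the payload is never examined.

```python
from typing import NamedTuple

class Packet(NamedTuple):          # hypothetical, simplified TCP packet
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset
    payload: bytes = b""

ALLOWED_DPORTS = {80}              # constructed policy: new connections to port 80 only

class StatefulFilter:
    def __init__(self):
        self.table = set()         # one entry per accepted connection

    def check(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        known = fwd if fwd in self.table else rev if rev in self.table else None
        if known:
            # Known connection: accepted from the table; policy and payload not consulted.
            if "RST" in p.flags:
                self.table.discard(known)   # a reset ends the connection entry
            return "pass (state)"
        if p.flags == {"SYN"} and p.dport in ALLOWED_DPORTS:
            self.table.add(fwd)    # first packet: checked against policy, then recorded
            return "pass (policy)"
        return "block"             # no table entry and not an allowed SYN

def demo():
    c, s = ("10.0.0.5", 40000), ("192.0.2.10", 80)   # constructed addresses
    fw = StatefulFilter()
    packets = [
        Packet(*c, *s, frozenset({"SYN"})),                      # opens the connection
        Packet(*s, *c, frozenset({"SYN", "ACK"})),               # server reply
        Packet(*c, *s, frozenset({"ACK"}), b"not HTTP at all"),  # payload is not looked at
        Packet("10.0.0.5", 40001, *s, frozenset({"ACK"})),       # claims a connection that has no entry
        Packet("10.0.0.5", 40002, "192.0.2.10", 23, frozenset({"SYN"})),  # port not in policy
        Packet(*s, *c, frozenset({"RST"})),                      # tears the entry down
        Packet(*c, *s, frozenset({"ACK"})),                      # entry is gone
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```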