At 12:48 PM 4/14/00 +0930, you wrote:
Regarding FW-1
>No idea. I picked on it because it has lots of market share and does a
>not-very-good job of stateful filtering.
Why do you say FW-1 does not do a good job at what it claims to do? It
seems to work as advertised from my lab and implementation tests, that is,
hitting the gateway with nmap scans only turned up the services I
allowed. Yes, it doesn't really inspect the http traffic or smtp traffic,
but I don't think many people configure their ALGs to do that either (but,
that's a separate debate).
Cheers!
Jon
-----------------------------------------------------------------
Jon Earle (613) 612-0946 (Cell)
HUB Computer Consulting Inc. (613) 830-1499 (Office)
http://www.hubcc.ca 1-888-353-7272 (Within Canada/US)
"God does not subtract from one's alloted time on Earth,
those hours spent flying." --Unknown
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
