Re: Re(2): Poor practice of using a router as a firewall

[Chris Brenton]

On Mon, 24 Jul 2000, Marlon Jabbur wrote:

> Try to think in an Web Attack, where a attacker explore a vulnerability
> in a Web Server and open a shell for execute commands. An application
> gateway firewall can stop this kind of attack and this is something a
> packet filter cannot do.

"can" and "does" are two different things. HTTP has become such a complex
protocol that most (but not all) HTTP proxies which are included with
commercial firewalls are little more than plugs. With this in mind you get
zero protection from tunneling, nasty scripts, etc.

Only way to make sure this does not happen is to test it or build the
proxy yourself.

HTH,
Chris
-- 
**************************************
[EMAIL PROTECTED]

* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]