> -----Original Message-----
> From: Jesper Wall [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 25 September 2000 4:44 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: Effnet firewall, good or bad?
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
> There's nothing wrong with the Effnet firewall. Its quite well known.
Are these statements meant to share some sort of causal link, or are they
individual assertions? ;)
Seriously, though, there's a whole bunch of snake-oil at the effnet site.
[1]
I wouldn't know an effnet firewall if I tripped over one in the street, but
based on the "technical information" they provide I don't trust it.
In particular, "Selective Inspection" sounds like a performance shortcut
made-up to be a security feature, and the fragmentation stuff sounds fishy
as well ("This makes Effnet's firewalls resistant to all Denial of Service
(DoS) attacks.") *cough*
There is a conspicuous absence of anything like protocol fixups or other
application-level smartness. I'd like to see someone from Effnet chime in,
but I fail to see (from the web-brochure) what the Effnet product does that
something like ipchains couldn't. BTW: I'm only picking on ipchains as an
example of a basic packet filter.
There's not much in the archives, although I see Mike Olsson has a similar
complaint about the marketing drivel on the website.
Unless the reality is much more impressive than the specs, I'd avoid it.
>
> //Jesper
>
[1] http://www.effnet.se/technology/firewall.html
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
