Ok, we are in danger of starting some new flames...
but...
I do not know where you get your info from...
just take a look at www.securityfocus.com/vdb/, search for PIX and for
FW-1... and compare the number of vulnerabilities...
[_eleven_ for FW-1 last year]
> * it's vulnerable to spoofed address attacks
> * it doesn't validate most streams, so you could, for example, create a
> tunnel through port 80 and the PIX would never know it wasn't web traffic
And FW-1 would???
> * it has some FTP bugs which cause connections to be opened erroneously -
> not sure if this is a huge security risk though
> * it has a nasty vulnerability that allows spoofed IP RST messages to kill
> any open connections - again this is because the pix doesn't go as far
> into the upper layers in the packets.
all this is long patched
> as much as a similar PIX solution. You more or less get what you pay for.
In case of FW-1 you get a nice GUI for the price of crappy design...
Regards,
Enno Rey
[EMAIL PROTECTED] --- www.security-academy.de
PGP 74C0 C7E1 3875 E4EB 9B75 8B9D 5E2D 3178 685B F222