On Tue, 22 May 2001, Volker Tanger wrote:
[SNIP]
>
> (Transparent) application proxies read the request and open a brand new
> connection to the target IP address by themselves. With this IP-based
> attacks (e.g. weird IP flags) always stop at the firewall. In most cases
> (specialized) application proxies are more secure as they test (much)
> more parameters on the application layer. Checking host names or email
> addresses for overly long parts or disallowed special characters should
> be handled accordingly. In addition to that a certain ammount of
> anonymization and masquerading on application level (e.g. header
> filering for SMTP and HTTP) is builtin. Examples: Raptor,
> TIS/Gauntlet
>
Which, again, brings up an oft asked question, still left unanswered:
How deeply do application proxies actually look into the packets? What
degree do the majhor players go to to determine what is and is not
acceptable? How many actually look deeper then the packet headers? How
many look at more then the mere headers after the first packet or two?
Does there yet exist a comparison of the various application proxies in
this regard online? something more tangeble then the marketing hype of
the sales lizards that is...
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
