What shortcomings does Raptor have? At 11:12 PM 5/22/01 +0000, you wrote: >Date: Tue, 22 May 2001 10:08:42 -0400 (EDT) >From: [EMAIL PROTECTED] >Subject: Re: Differences between Cisco PIX and Nokia / Check Point > >The PIX has a couple shortcomings. > >* it's vulnerable to spoofed address attacks >* it doesn't validate most streams, so you could, for example, create a >tunnel through port 80 and the PIX would never know it wasn't web traffic >* it has some FTP bugs which cause connections to be opened erroneously - >not sure if this is a huge security rish though >* it has a nasty vulnerability that allows spoofed IP RST messages to kill >any open connections - again this is because the pix doesn't go as far >into the upper layers in the packets. > >The last two problems are documented on Cisco's website. I don't have the >URL's handy. Barry S. Hudson Network Admin, CCNA Fredericksburg State Bank www.fsbnk.com Business Email - [EMAIL PROTECTED] All Other Email - [EMAIL PROTECTED] This email is intended for the addressee only. The material may be privileged and confidential information. If you have received this email in error, please notify me immediately by email and delete the original. Thank you. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
