I believe what you are after is the difference between:
(please no nitpicking arguments over this!:) )
State full Inspection
and
Packet Inspection/Screening Router
and
Application Proxy
Look into the definitions on these three terms. Goggle gives lots of results.
It all relates to how far a FW or router looks into a packets contents. If you allow http through your fw you can and probably will be hacked because the FW doesn't inspect the http commands just the delivery. I know this is a very large gray area so please no arguments!
An application proxy mostly just inspects the data payload of the packet and looks to see if there are any commands that are not allowed. Such as for MS IIS get\iisadmin
This is the tip of the iceberg. If you really want to know read up on what each defines and you will see the overlap that causes the arguments. And you'll understand the evils of marketing departments at firewall firms!
Hope this can help you,
Mike
-----Original Message-----
From: Sudipto basu [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 10:47 AM
To: [EMAIL PROTECTED]
Subject: Why router are vulnarable to FTP and DNS?
Hi all,
can any one let me know why Router level firewalls are
not good at filtering FTP, X11 and DNS packets.
Sudipto.
[EMAIL PROTECTED]
=====
The most I can do for my friend is.
Simply to be his friend.
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
