ay 03, 2002 17:40
| To: [EMAIL PROTECTED]
| Cc: [EMAIL PROTECTED]
| Subject: RE: Nat versus stateful inspection
|
|
|
|
| >The shortcoming of a packet filtering firewall is that it doesn't
| >understand the protocol(s) involved in the conversation, so that if
| >someone is abusing it (too
>The shortcoming of a packet filtering firewall is that it doesn't
>understand the protocol(s) involved in the conversation, so that if
>someone is abusing it (too many telnet logins, malformed application
>headers such as overlong SMTP commands, etc.), it can't know that, and
>it can't protect
David,
First, you should have a good definition of what a firewall is - it's a
chokepoint for your network, through which traffic passes and is
inspected, and is either allowed or denied according to your security
policy. There might be one or more physical and/or logical entities that
perform th
David,
NAT is not an IP Address conservation technique, stateful inspection is a
firewall technology. Comparing the two is like comparing apples and
oranges. Most stateful inspection firewalls implement NAT as well. But
the key difference is NAT does not provide and mechanism for filtering