Re: [fw-wiz] IPChains vs. IPTables

From: Nimesh Vakharia (nvakhari@clio.rad.sunysb.edu)
Date: 07/29/02


From: Nimesh Vakharia <nvakhari@clio.rad.sunysb.edu>
To: Volker Tanger <volker.tanger@discon.de>
Date: Mon Jul 29 16:31:21 2002

Anyone ever use the content inspection in iptables? Maintaining the
application state (given the total number of applications and complexity of
each) to make decisions based on the application state transition as
defined per RFC can be pretty tricky. If it actually works, this could be
developed into a nice protocol anomaly engine. Anyone have pointers or
documentation for this?

On Thu, 25 Jul 2002, Volker Tanger wrote:

> Greetings!
>
> Josh Welch wrote:
> > From: "Patrick Darden" <darden@armc.org>
> > >
> > > IPTables allow content inspection (making sure port 80 traffic is
> > > web, 21 is ftp, etc.), making it a little better than a mere packet
> > > filter.
> > > Truthfully, though, with tunnelling, if you don't have tight access
> > > lists then allowing any protocol access is just as secure via
> > > packet filtering as packet inspection. Loki uses icmp;
> > > then there's ssl tunneling, ssh, and hosts of others....
> > >
> >
> > IPTables does not, to my understanding, do content inspection. It does
> > state inspection, which IPChains does not, but does not check content. How
> > would you check content with IPTables?
>
> There are some first (pre-alpha) patches for IPtables (2.5 kernel) that
> lay a foundation for packet data inspection. The "normal" IPtables only
> is a stateful (not inspection) packet filter, whereas IPchains only is a
> static (dumb) packet filter. For a detailed overview see
> http://www.wyae.de/secure_gateway/gateways.html
>
> Bye
>
> Volker Tanger
> IT-Security Consulting
>
> --
> discon gmbh
> Wrangelstraße 100
> D-10997 Berlin
>
> fon +49 30 6104-3307
> fax +49 30 6104-3461
>
> volker.tanger@discon.de
> http://www.discon.de/
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
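The distinction the thread draws between a packet filter (static or stateful) and "content inspection" comes down to one extra decision: does the data on port 80 actually look like web traffic, on port 21 like FTP, and so on. The following is an added example written for this archive page; it is not code from any of the posters, nor from ipchains or iptables. The port-to-protocol policy, the protocol fingerprints, the function names and the sample sessions are all constructed for illustration, and the check is deliberately limited to the first client-to-server bytes of a session.

```python
"""Toy protocol-anomaly check: does the first client payload on a well-known
TCP port look like the protocol that port is supposed to carry?

Added example for this thread; it is not code from the posters, from
ipchains or from iptables. The port->protocol policy, the fingerprints and
the sample payloads are all constructed for illustration.
"""
import re

# Constructed policy: which application protocol each destination port may carry.
PORT_PROTOCOL = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

# Minimal fingerprints of the first client-to-server bytes of each protocol.
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r?\n")
SSH_BANNER = re.compile(rb"^SSH-(1\.99|2\.0)-[^\r\n]+\r?\n")
FTP_COMMAND = re.compile(rb"^(USER|PASS|PORT|PASV|RETR|STOR|LIST|CWD|TYPE)( [^\r\n]*)?\r?\n")
SMTP_COMMAND = re.compile(rb"^(EHLO|HELO|MAIL FROM:|RCPT TO:|DATA)[^\r\n]*\r?\n")


def identify_protocol(payload: bytes) -> str:
    """Name the application protocol from the first client bytes of a session."""
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    if SSH_BANNER.match(payload):
        return "ssh"
    if FTP_COMMAND.match(payload):
        return "ftp"
    if SMTP_COMMAND.match(payload):
        return "smtp"
    # TLS ClientHello: record type 0x16 (handshake), major version 0x03,
    # then a 2-byte record length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"


def check_session(dst_port: int, first_client_payload: bytes) -> tuple:
    """Compare what a session carries with what its port is allowed to carry.

    Returns (verdict, detail) where verdict is 'accept', 'anomaly' or
    'no-policy'. A static or merely stateful packet filter never makes this
    decision: it sees only addresses, ports and connection state.
    """
    expected = PORT_PROTOCOL.get(dst_port)
    if expected is None:
        return ("no-policy", "port %d has no protocol policy" % dst_port)
    seen = identify_protocol(first_client_payload)
    if seen == expected:
        return ("accept", "port %d carries %s as expected" % (dst_port, seen))
    return ("anomaly", "port %d expected %s, saw %s" % (dst_port, expected, seen))


# Constructed sample sessions: (destination port, first client payload).
SAMPLE_SESSIONS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_3.4p1\r\n"),                   # ssh tunnelled over the web port
    (21, b"USER anonymous\r\n"),
    (21, b"GET / HTTP/1.0\r\n\r\n"),                       # web traffic on the ftp port
    (443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),    # ClientHello; whatever is inside TLS is opaque
    (8080, b"GET / HTTP/1.1\r\n\r\n"),                     # port with no policy at all
]


def run_samples():
    """Return the verdict for each constructed sample session."""
    return [check_session(port, payload)[0] for port, payload in SAMPLE_SESSIONS]


if __name__ == "__main__":
    for port, payload in SAMPLE_SESSIONS:
        verdict, detail = check_session(port, payload)
        print("%-9s %s" % (verdict, detail))
```

Running the samples flags the SSH banner on port 80 and the HTTP request on port 21 as anomalies, accepts the plain HTTP and FTP openers, and accepts the TLS ClientHello on 443 without being able to say what is carried inside it. That last case is the tunnelling limitation Patrick Darden raises in the quoted text: once a protocol that is allowed on its port encrypts or encapsulates something else, a content check of this kind sees a legitimate-looking opener and nothing more, so it adds little over a packet filter unless the access lists are already tight.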