[fw-wiz] Stateful Proxying?

From: Small, Jim (jim.small@eds.com)
Date: 03/17/03

  • Next message: Doug Sax: "RE: [fw-wiz] PIX Questions." 
    From: "Small, Jim" <jim.small@eds.com>
To: firewall-wizards@honor.icsalabs.com
Date: Mon, 17 Mar 2003 17:34:32 -0500

    While talking about Firewalls and Proxies, I was asked, can you have a
    "Stateful Proxy"?

    It seems like a simple enough question, but I was not sure how to answer it.
    Typically a Proxy Server doesn't forward IP packets, so it must listen for
    any service it proxies and then "proxy" the service. This almost implies
    state, doesn't it? But do Proxy servers watch ack and sequence numbers or
    "keep state" like a stateful packet filter does? Am I thinking about this
    correctly?

    If a Proxy Server is "stateful" then the difference between a stateful
    packet filter and a stateful proxy becomes small indeed. Would you then
    classify the difference as whether or not the proxy server breaks the
    connection/circuit and how for up the OSI model it checks and how thoroughly
    it checks the protocols for RFC/rules conformance?

    I would greatly appreciate any feedback or pointers.

    Thanks,
       <> Jim

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Doug Sax: "RE: [fw-wiz] PIX Questions."

    Relevant Pages

    • Re: [fw-wiz] Evolution of Firewalls
      ... proxy does analysis and reconstructs data ... and stateful ispection system can only decide ... stateful inspection system to miss thing that is not known to it or to ... The proxy output stream, not only general ...
      (Firewall-Wizards)
    • Re: [fw-wiz] Stateful Proxying?
      ... > even the most basic proxy (the plug-gw from the FWTK for example) is as ... > stateful as most of the stateful filter firewalls out there. ... A "stateful proxy" can easily be so much ... That's not to say a packet filtering solution can't have a stateful ...
      (Firewall-Wizards)
    • Re: proxies and firewalls
      ... the point of having proxies is *not* having ... Your proxy machine should not be able to forward packets. ... A Unix SOCKS 4 and 5 proxy server ... Socks5 is already app layer, too, IIRC. ...
      (freebsd-questions)
    • Re: [fw-wiz] Stateful Proxying?
      ... Back in the early days of firewalls "stateful" was a marketing term ... customers think that they did the same kind of things proxies did. ... "Stateful" implied that the firewall kept state - like a proxy. ...
      (Firewall-Wizards)
    • Re: Workaround for error code 80072EFD download critical updates failed
      ... Explorer on clients that have proxy servers, and must be set directly at the ... Open a single Internet Explorer browser and check proxy settings. ... Remember the name and port of this proxy server. ... Enter "Windows Update" in the Name field, ...
      (microsoft.public.windowsupdate)