Re: [fw-wiz] Stateful Proxying?
From: Darren Reed (email@example.com)
From: Darren Reed <firstname.lastname@example.org> To: David Lang <email@example.com> Date: Wed, 19 Mar 2003 10:44:46 +1100 (EST)
In some email I received from David Lang, sie wrote:
> even the most basic proxy (the plug-gw from the FWTK for example) is as
> stateful as most of the stateful filter firewalls out there. the state
> being refered to is the state of the TCP connection not of the application
Were you present or otherwise have knowledge of the conversation that Jim
is referring to in order to be able to claim that it's only the TCP state
that is being referred to ?
In essence, if "stateful proxy" means the same as "stateful filter" then
it is really a meaningless conjunction of words as commonly understood
in the firewall market today. A "stateful proxy" can easily be so much
more. That's not to say a packet filtering solution can't have a stateful
proxy either, as indeed the ftp proxy in IPFilter is a stateful proxy.
btw, I'm pretty sure I could produce instances where plug-gw is less
stateful than some packet filters because it doesn't maintain all the
information presented on one side to the other or correctly enforce
packets arriving at the proxy host to have the same characteristics.
Anyway, I have more important things to do.
> On Tue, 18 Mar 2003,
> Darren Reed wrote:
> > Date: Tue, 18 Mar 2003 23:52:52 +1100 (EST)
> > From: Darren Reed <firstname.lastname@example.org>
> > To: "Small, Jim" <email@example.com>
> > Cc: firstname.lastname@example.org
> > Subject: Re: [fw-wiz] Stateful Proxying?
> > In some email I received from Small, Jim, sie wrote:
> > > While talking about Firewalls and Proxies, I was asked, can you have a
> > > "Stateful Proxy"?
> > To my way of thinking, if a proxy is stateful then it knows about the
> > application it is working on behalf of, not just .
> > For something like FTP, it might be whether or not the user has made
> > a successful login or not.
> > Of course I might be completely out of step with the rest of the world
> > on this :-)
> > Darren
> > _______________________________________________
> > firewall-wizards mailing list
> > email@example.com
> > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
firewall-wizards mailing list