Re: [fw-wiz] Layer 3-7 Firewall.
From: Darren Reed (darrenr@reed.wattle.id.au)
Date: 03/19/03
- Previous message: John Adams: "RE: [fw-wiz] PIX Logging Analysis"
- In reply to: Magosányi Árpád: "Re: [fw-wiz] Layer 3-7 Firewall."
- Next in thread: Stiennon,Richard: "RE: [fw-wiz] Layer 3-7 Firewall."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Darren Reed <darrenr@reed.wattle.id.au> To: Magosányi Árpád <mag@bunuel.tii.matav.hu> Date: Thu, 20 Mar 2003 08:54:17 +1100 (EST)
In some email I received from Magos?nyi ?rp?d, sie wrote:
[ Charset iso-8859-2 unsupported, converting... ]
> A levelez_m azt hiszi, hogy George J. Jahchan a k_vetkez_eket _rta:
> > Is there a SPI firewall out there that is application-layer protocol
> > aware?
>
> Doing stateful inspection up from packet level to application
> level is just not feasible. The problem is that the state space
> explodes in an unmanageable scale. (I will not comment on
> useability of stateful packet filtering routers now, which is
> one of my favourite flame war topics).
The state space does not have to explode in any greater manner
than it does for a normal application proxy. It is however harder
to program and get right unless you're prepared to use up some
significant resources - but perhaps not any more significant than
real proxies, anyway.
btw, do you have any formal relationship with that product you
mentioned ?
Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: John Adams: "RE: [fw-wiz] PIX Logging Analysis"
- In reply to: Magosányi Árpád: "Re: [fw-wiz] Layer 3-7 Firewall."
- Next in thread: Stiennon,Richard: "RE: [fw-wiz] Layer 3-7 Firewall."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
