[fw-wiz] Clavister Proudly Announces RFC3514 Compliance

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 04/01/03

  • Next message: Luca Berra: "Re: [fw-wiz] iptables problem forwarding" 
    From: Mikael Olsson <mikael.olsson@clavister.com>
To: fw-wiz <firewall-wizards@honor.icsalabs.com>
Date: Tue, 01 Apr 2003 13:23:30 +0200

    An innovative security initiative Örnsköldsvik, Sweden
    -------------------------------- April 1, 2003

    Clavister AB is proud to present the world's first RFC3514
    compliant network firewall product. In a proactive move,
    Clavister implemented the "IPRF" consistency check five
    years ago, making its firewall software RFC3514 compliant
    before the fact.

    With the release of the innovative security initiative
    outlined in ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt ,
    Clavister will rename this setting to "IPEvilFlag" and change
    its configurable set from "Ignore", "Strip" and "Drop" to
    "Drop" and "HALT" in the new feature release scheduled
    for April 31.

    "We foresee a huge demand for the added HALT functionality.
    With it, a firewall administrator will be able to cause the
    firewall's CPU to immediately halt and cease forwarding traffic
    when it sees evil IP datagrams", says Mikael Olsson, R&D Manager
    at Clavister. "At this point, the administrator can connect to
    the in-kernel debugger via XMLRPC and fully examine the state
    of the state table as well as the packet buffers, and carefully
    consider whether the firewall should continue to execute or
    simply keep it halted until the attack has blown past."

    "This represents a great leap forward in security for IP networks.
    We applaud Steve Bellovin's ingeniousness in engineering this
    fundamental change to the IP protocol.", concludes John Vestberg,
    Vice President, Security. 

    -- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Luca Berra: "Re: [fw-wiz] iptables problem forwarding"

    Relevant Pages

    • Re: [Full-Disclosure] RFC 3514 released
      ... Clavister AB is proud to present the world's first RFC3514 ... compliant network firewall product. ... "This represents a great leap forward in security for IP networks. ...
      (Full-Disclosure)
    • Re: the BEST firewall
      ... Clavister has the highest trouhgput... ... if the active unit goes down... ... You can build a firewall appliance with 64 interface!!! ... I've installed about 60 appliance... ...
      (comp.security.firewalls)
    • Re: Cannot join domain : Problem solved
      ... It finally came down to a Firewall problem and upon contact with ... Clavister they gave us a prerelease of their next Firewall version. ...
      (microsoft.public.windows.server.networking)
    • Re: Cannot join domain : Problem solved
      ... (I like the photo in cycling gear on the website) ... It finally came down to a Firewall problem and upon contact with ... Clavister they gave us a prerelease of their next Firewall version. ...
      (microsoft.public.windows.server.networking)
    • Re: system shutdown!
      ... The server is protected by a firewall, the sasser worm can not infect it, also i have not set the option to halt the system when sec log becomes full. ...
      (microsoft.public.win2000.general)