[fw-wiz] Clavister Proudly Announces RFC3514 Compliance

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 04/01/03

  • Next message: Luca Berra: "Re: [fw-wiz] iptables problem forwarding"
    From: Mikael Olsson <mikael.olsson@clavister.com>
    To: fw-wiz <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 01 Apr 2003 13:23:30 +0200

    An innovative security initiative Örnsköldsvik, Sweden
    -------------------------------- April 1, 2003

    Clavister AB is proud to present the world's first RFC3514
    compliant network firewall product. In a proactive move,
    Clavister implemented the "IPRF" consistency check five
    years ago, making its firewall software RFC3514 compliant
    before the fact.

    With the release of the innovative security initiative
    outlined in ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt ,
    Clavister will rename this setting to "IPEvilFlag" and change
    its configurable set from "Ignore", "Strip" and "Drop" to
    "Drop" and "HALT" in the new feature release scheduled
    for April 31.

    "We foresee a huge demand for the added HALT functionality.
    With it, a firewall administrator will be able to cause the
    firewall's CPU to immediately halt and cease forwarding traffic
    when it sees evil IP datagrams", says Mikael Olsson, R&D Manager
    at Clavister. "At this point, the administrator can connect to
    the in-kernel debugger via XMLRPC and fully examine the state
    of the state table as well as the packet buffers, and carefully
    consider whether the firewall should continue to execute or
    simply keep it halted until the attack has blown past."

    "This represents a great leap forward in security for IP networks.
    We applaud Steve Bellovin's ingeniousness in engineering this
    fundamental change to the IP protocol.", concludes John Vestberg,
    Vice President, Security.

    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
    firewall-wizards mailing list

  • Next message: Luca Berra: "Re: [fw-wiz] iptables problem forwarding"