[fw-wiz] imap and content inspection?

ark_at_eltex.ru
Date: 10/09/03

  • Next message: Guido Bolognesi [ Zen ]: "Re: [fw-wiz] Help yourself get the answers"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 9 Oct 2003 15:41:24 +0400
    
    

    Hi,

    I am planning an IMAP filtering proxy implementation. A quick look into the RFC
    shows the IMAP protocol appears to be designed to maximize firewall
    application layer problems ;-). I mean it requires the proxy to handle full
    email MIME parsing, besides the quite sophisticated protocol itself, thus
    making the proxy a very complex pile of code, comparable with the IMAP server itself,
    which makes its security (through simplicity!) advantage questionable.
    And - there are numerous ways to retrieve various parts of messages without
    handling the message as a whole; if content inspection means a simple virus check
    with a binary result (OK/BAD) it is not really a problem, but if we employ other
    content inspection types, it ruins the whole idea.

    I know there are many people on the list who know implementation details in
    depth; how do other vendors solve this problem? Is "best practice" now
    to just handle the FETCH and UID FETCH command syntax issued by widespread email
    clients and not to care if other techniques are used?

    p.s. for those interested in "fwtk sequel", i expect something like "public
    beta" to be finished before Samhain. ;-) i doubt i will include "real" imap4
    proxy, though :(
                                         _ _ _ _ _ _ _
     {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
     (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
     [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
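
The partial-retrieval problem raised in the message above, as an added example that is not part of the original post or of any fwtk code: a small classifier that separates FETCH data items returning the whole message from those returning only a fragment (RFC 3501 syntax). The function names, the verdict labels and the sample command lines are assumptions constructed for illustration.

```python
import re

# Constructed example: classify the data items of an IMAP FETCH command
# (RFC 3501 section 6.4.5) by what the proxy would see in the response.
FETCH_RE = re.compile(r'^(\S+) (UID )?FETCH (\S+) (.+)$', re.I)
ITEM_RE = re.compile(r'[^\s\[\]()]+(?:\[[^\]]*\])?(?:<[^>]*>)?')
BODY_RE = re.compile(r'^BODY(?:\.PEEK)?\[([^\]]*)\](?:<(\d+)\.(\d+)>)?$')
METADATA = {'ALL', 'FAST', 'FULL', 'BODY', 'BODYSTRUCTURE', 'ENVELOPE',
            'FLAGS', 'INTERNALDATE', 'RFC822.SIZE', 'UID'}


def classify_item(item):
    """Return 'whole', 'fragment', 'metadata' or 'unknown' for one item."""
    up = item.upper()
    if up in METADATA:
        return 'metadata'
    if up == 'RFC822':
        return 'whole'
    if up in ('RFC822.HEADER', 'RFC822.TEXT'):
        return 'fragment'
    m = BODY_RE.match(up)
    if not m:
        return 'unknown'
    section, offset = m.group(1), m.group(2)
    # Only BODY[] with no <offset.count> returns the complete message.
    return 'whole' if section == '' and offset is None else 'fragment'


def fetch_verdict(line):
    """Hypothetical proxy policy for one client command line."""
    m = FETCH_RE.match(line.strip())
    if not m:
        return 'not-fetch'
    kinds = {classify_item(i) for i in ITEM_RE.findall(m.group(4))}
    if not kinds or 'unknown' in kinds:
        return 'reject'              # default deny for syntax we cannot parse
    if 'fragment' in kinds:
        return 'needs-full-message'  # response alone cannot be inspected
    if 'whole' in kinds:
        return 'scan-response'
    return 'pass'


if __name__ == '__main__':
    for cmd in ('a1 FETCH 1:5 (FLAGS ENVELOPE RFC822.SIZE)',   # constructed
                'a2 UID FETCH 4021 BODY.PEEK[]',
                'a3 UID FETCH 4021 (BODY.PEEK[HEADER.FIELDS (FROM TO)] BODY.PEEK[2])',
                'a4 FETCH 7 BODY[]<0.16384>'):
        print(fetch_verdict(cmd), '<-', cmd)
```

A `needs-full-message` verdict marks the case the message describes: the proxy has to obtain and inspect the complete message itself before it can answer, or refuse the command.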

