Re: [fw-wiz] i-cap proposals

From: Carson Gaspar (carson_at_taltos.org)
Date: 02/15/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 15 Feb 2005 02:08:59 -0500
    
    

    --On Sunday, February 13, 2005 12:10 PM +0300 ArkanoiD <ark@eltex.net>
    wrote:

    > Yes, IMAP is a content inspection nightmare - it was really insane to
    > design it the way each one of zillion ways to get an email sliced to
    > little pieces and sucked down is mandatory to be implemented on server
    > and, thus, on the proxy!

    No, it makes perfect sense. And it's why IMAP4 is the only mail client
    protocol that behaves well on low bandwidth links (and can be safely taken
    offline and re-sync'd). POP3 is the insane mail protocol. But I admit that
    proxying and scanning the content is much easier with stupid protocols.

    You really should be doing scanning on the server. If you don't control the
    server, why are you allowing people to access it? If you insist on doing
    in-line scanning between the server and client, one option is to keep state
    on which messages have already been scanned during this session (pay
    attention to UIDVALIDITY). If any part (or any body part - see below) of a
    message which hasn't been scanned is fetched, do a full fetch in the proxy
    and scan it. If you trigger a scan on a header fetch, the user experience
    will suck, since most IMAP clients fetch from, date, and subject headers
    for a large subset of messages to display the mailbox summary.

    -- 
    Carson
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
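
The per-session scan state described in the message above, sketched as an added example (not code from the original post or from any proxy product). The names `ScanState` and `fetches_content` are hypothetical, and treating only top-level header fetches as exempt from scanning is an assumption.

```python
import re

# One FETCH data item: NAME, optional [section], optional <partial>.
_ITEM = re.compile(r"([A-Z0-9.]+)(?:\[([^\]]*)\])?(?:<[\d.]+>)?")
_WHOLE = {"RFC822", "RFC822.TEXT"}  # whole message / whole body text
_SECTIONED = {"BODY", "BODY.PEEK", "BINARY", "BINARY.PEEK"}


def fetches_content(fetch_items):
    """True if a FETCH item list asks for more than metadata or the
    top-level headers (assumption: nested part headers count as content)."""
    for m in _ITEM.finditer(fetch_items.upper()):
        name, section = m.group(1), m.group(2)
        if name in _WHOLE:
            return True
        # BODY with no [section] is only the structure; BODY[] is everything.
        if name in _SECTIONED and section is not None:
            if not section.startswith("HEADER"):
                return True
    return False


class ScanState:
    """Per-session record of which messages the proxy has already scanned."""

    def __init__(self):
        self._validity = {}  # mailbox -> UIDVALIDITY reported at SELECT
        self._scanned = {}   # mailbox -> set of UIDs already scanned

    def select(self, mailbox, uidvalidity):
        # A changed UIDVALIDITY means UIDs may now name different messages,
        # so earlier scan results for this mailbox must be discarded.
        if self._validity.get(mailbox) != uidvalidity:
            self._validity[mailbox] = uidvalidity
            self._scanned[mailbox] = set()

    def must_scan(self, mailbox, uid, fetch_items):
        """True when the proxy should full-fetch and scan before relaying."""
        done = self._scanned.get(mailbox, ())
        return fetches_content(fetch_items) and uid not in done

    def mark_scanned(self, mailbox, uid):
        self._scanned.setdefault(mailbox, set()).add(uid)


if __name__ == "__main__":
    s = ScanState()
    s.select("INBOX", 1108450000)  # constructed UIDVALIDITY value
    summary = "(UID FLAGS BODY.PEEK[HEADER.FIELDS (FROM DATE SUBJECT)])"
    print(s.must_scan("INBOX", 7, summary))               # mailbox summary
    print(s.must_scan("INBOX", 7, "(BODY[1.2]<0.4096>)"))  # partial body part
```
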
    
