Re: [fw-wiz] Firewalls that generate new packets..
- From: John Adams <jna@xxxxxxxxxx>
- Date: Wed, 14 Nov 2007 15:56:08 -0800
One issue that happened many years ago was that certain Windows TCP/IP
implementations would allocate the packet in memory and then write
the outgoing data into the allocated space.
The remainder of the packet (MTU - data_length) would contain
whatever garbage was lying around the sending computer's memory
space. Over time, this would leak large portions of memory out the
network port.
A firewall that copied data into a fresh, initialized packet would
avoid this information leak.
I can't see any disadvantages to using this approach. Packets with
improper length and header information would be truncated or dropped
by the firewall, and that's probably a good thing.
-j
On Nov 13, 2007, at 7:58 PM, Kelly Robinson wrote:
Some firewalls, after receiving a packet, generate a new packet and
populate it with data from the original, rather than forwarding the
same packet that was received. What are the advantages and
disadvantages of this approach? And does anyone have any examples
of any firewalls that do this on the market?
Thanks
- k
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
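
The copy-into-a-fresh-packet behaviour described in the reply above, as an added example (not code from the original post or from any firewall product). The function names and the sample packet are hypothetical and constructed for illustration; it assumes IPv4 and does not verify the header checksum.

```c
#include <stdint.h>
#include <string.h>

#define IPV4_MIN_HDR 20u

/* Copy only what the IPv4 header declares into a zero-filled buffer.
 * Returns the rebuilt length, or -1 when the packet is dropped. */
long rebuild_ipv4(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    if (in_len < IPV4_MIN_HDR || (in[0] >> 4) != 4)
        return -1;                                /* truncated or not IPv4 */
    size_t ihl = (size_t)(in[0] & 0x0F) * 4;      /* header length in bytes */
    size_t total = ((size_t)in[2] << 8) | in[3];  /* IP total-length field */
    if (ihl < IPV4_MIN_HDR || total < ihl)
        return -1;                                /* inconsistent header: drop */
    if (total > in_len || total > out_cap)
        return -1;                                /* declares more than arrived or fits */
    memset(out, 0, out_cap);                      /* fresh, initialized packet */
    memcpy(out, in, total);                       /* bytes past 'total' are never copied */
    return (long)total;
}

/* Constructed sample: 20-byte header + 4 payload bytes, followed by 8 bytes
 * standing in for stale sender memory (0xAA). Always fills 32 bytes. */
size_t make_sample(uint8_t *buf, uint16_t declared_total)
{
    memset(buf, 0, 32);
    buf[0] = 0x45;                                /* version 4, IHL 5 */
    buf[2] = (uint8_t)(declared_total >> 8);
    buf[3] = (uint8_t)(declared_total & 0xFF);
    memcpy(buf + 20, "DATA", 4);
    memset(buf + 24, 0xAA, 8);                    /* the leaked remainder */
    return 32;
}

/* Count non-zero bytes in p[from..to). */
size_t nonzero_bytes(const uint8_t *p, size_t from, size_t to)
{
    size_t n = 0;
    for (size_t i = from; i < to; i++)
        n += (p[i] != 0);
    return n;
}

int main(void)
{
    uint8_t in[32], out[64];
    long n = rebuild_ipv4(in, make_sample(in, 24), out, sizeof out);
    return (n == 24 && nonzero_bytes(out, 24, sizeof out) == 0) ? 0 : 1;
}
```

The 8 trailing bytes in the sample are present on input and absent from the rebuilt packet; a packet whose total-length field exceeds what was received is dropped rather than forwarded.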