Re: [fw-wiz] Firewalls that generate new packets..
- From: AMuse <amuse@xxxxxxxxxx>
- Date: Wed, 28 Nov 2007 10:26:41 -0800
Marcus: Not that I have tons to add to the discussion, but I have to ask
logically: If TCP Sequence numbers did NOT make a difference then why
do we go to so much trouble in the TCP stack to make them difficult to
predict?
Darden, Patrick S. wrote:
Marcus J. Ranum
The hard thing I had to wrap my brain around was the
observation that between a router+ACLs combined
with the state that is held in the TCP stack of the
target, you've got exactly the same thing (and often
quite a bit better!) than a "stateful" firewall.
I respectfully disagree for all the reasons I have outlined
before.... Sum: tcp sequence #s make a difference.
--Patrick Darden
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards