Re: [fw-wiz] Firewalls that generate new packets..



AMuse wrote:
Marcus: Not that I have tons to add to the discussion, but I have to ask
logically: If TCP Sequence numbers did NOT make a difference then why
do we go to so much trouble in the TCP stack to make them difficult to
predict?

I'm not saying they don't make a difference!! That was not the objective at all.

Usually when the "proxies versus stateful" thread flares up (like herpes,
it never goes away...) I try to approach the issue from the point of
view of discussing the various controls that can be layered at various
places in the security stack, and where the leverage is (or isn't) and
so forth. This time, I thought I'd try a different tactic - namely to get
people to explore exactly what "stateful inspection" or "stateful
firewalls" are and do - what is the value of that "state"?

Yeah, me and Socrates. I'm going to go drink some hemlock now,
and prepare for the next flare-up.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards