[fw-wiz] Protocol inspection

I have a question, that is hopefully approriate for
this list, related to application inspection (whatever
the vendors call it now).

We recently had some problems with SQL injection, and
I have been asked to look at whether our equipment can
stop the attacks. My knowledge about the attack is
that there isn't a generic way to block the traffic,
since a firewall can't differentiate between valid
post data (to a forum, for example) vs one that is an
attempt to use injection.

If this is the case, any vendor's protection will just
amount to responses to know attacks, and I could just
as easily create a filter on my own that stops some
portion of attacks (since I know better what data my
webservers expect).

Is this a reasonable path to go down, or is there more
functionality in vendor responses to and protection
against SQL injection?


Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
firewall-wizards mailing list