Re: [fw-wiz] State of security technology for the enterprise



Stateful is typically about 5-tuple flow tracking and maybe some
handful of protocols that need alternate ports (FTP is usually the
qualifier for someone to be stateful) and DPI is typically about the x
odd protocols that are decoded "enough" to claim deep.

And it makes a nice story,

K.

On Thu, Apr 30, 2009 at 6:19 PM, Paul D. Robertson <paul@xxxxxxxxxxxx> wrote:
On Thu, 30 Apr 2009, Marcus J. Ranum wrote:

...And nobody has ever done an adequate job of explaining what is
stateful about SPI or particularly "deep" about DPI.   As one of those

Oh, the stateful part was explained pretty well- as were the state tables,
it was the "inspection" part that was all over the map in SPI just like
in DPI...

obnoxious guys who always did everything at Layer 7, it seems more
like an argument about who's the tallest kid in the shallow end of
the pool.

I get to have a proxy conversation with a bank tomorrow, because *all*
their literature for their ACH service requires "unrestricted Internet
access" with (at least according to the manuals, no place to even put a
proxy for the HTTS or FTP methods.)  *sigh*

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@xxxxxxxxxxxx       which may have no basis whatsoever in fact."
          Moderator: Firewall-Wizards mailing list
          Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards