Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?

On 04/29/2011 04:09 PM, ArkanoiD wrote:
> On Fri, Apr 29, 2011 at 10:22:45AM +0200, Claudio Telmon wrote:
>
>> Proxies have been mostly put on top of an operating system's tcp/ip
>> stack, but I wouldn't say that this is a benefit, it's just simpler.
>
> Actually it *IS* a benefit. By eliminating direct packet flow you do not
> need to care about bad things sneaking in TCP and below, actually it is the only
> way to *reliably* ensure that we see similar data on the firewall and the endpoint.

I agree, but I was just saying that using the TCP/IP stack of an OS is
simpler than building a "stripped down" stack that only supports the
proxy needs, not even including e.g. the option to route packets, or to
support the many protocols supported by most current OS.


- Claudio


Claudio Telmon

firewall-wizards mailing list
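
An added illustration, not part of the original message or of any project discussed in the thread: a toy model of why terminating TCP on the firewall makes the firewall and the endpoint see the same data. The function names, the two reassembly policies and the sample segments are all constructed for this example.

```python
# Added illustration; all names and sample segments are constructed.

def reassemble(segments, policy):
    """Rebuild a byte stream from (offset, data) segments in arrival order.

    policy="first": bytes already received win over later overlaps.
    policy="last":  later segments overwrite earlier bytes.
    """
    stream = {}
    for offset, data in segments:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "last" or pos not in stream:
                stream[pos] = byte
    # Deliver only the contiguous prefix, as a TCP receiver would.
    out = bytearray()
    while len(out) in stream:
        out.append(stream[len(out)])
    return bytes(out)

def packet_filter_path(segments, firewall_policy, endpoint_policy):
    """Packets are forwarded untouched; each side reassembles on its own."""
    return (reassemble(segments, firewall_policy),
            reassemble(segments, endpoint_policy))

def proxy_path(segments, proxy_policy, endpoint_policy, mss=4):
    """The proxy's stack terminates the connection, then the proxy
    re-sends the bytes it read as fresh, non-overlapping segments."""
    seen = reassemble(segments, proxy_policy)
    fresh = [(i, seen[i:i + mss]) for i in range(0, len(seen), mss)]
    return seen, reassemble(fresh, endpoint_policy)

# Constructed sample: the second segment overlaps bytes 4..7 of the first.
SEGMENTS = [(0, b"ABCDEFGH"), (4, b"wxyz"), (8, b"IJKL")]

if __name__ == "__main__":
    for name, path in (("filter", packet_filter_path), ("proxy", proxy_path)):
        fw, ep = path(SEGMENTS, "first", "last")
        print(f"{name:6} firewall={fw!r} endpoint={ep!r} same={fw == ep}")
```

With packets forwarded as-is, the two stacks can disagree on overlapping bytes; once the proxy re-originates the stream, the endpoint's reassembly policy no longer matters.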
