Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?

On 04/29/2011 04:09 PM, ArkanoiD wrote:
On Fri, Apr 29, 2011 at 10:22:45AM +0200, Claudio Telmon wrote:

Proxies have been mostly put on top of an operating system's tcp/ip
stack, but I wouldn't say that this is a benefit, it's just simpler.

Actually it *IS* a benefit. By eliminating direct packet flow you do not
need to care about bad things sneaking in TCP and below, actually it is the only
way to *reliably* ensure that we see similar data on the firewall and the endpoint.

I agree, but I was just saying that using the TCP/IP stack of an OS is
simpler than building a "stripped down" stack that only supports the
proxy needs, non even including e.g. the option to route packets, or to
support the many protocols supported by most current OS.


- Claudio


Claudio Telmon

firewall-wizards mailing list