Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?
- From: Claudio Telmon <claudio@xxxxxxxxxx>
- Date: Mon, 02 May 2011 14:24:25 +0200
On 04/29/2011 04:09 PM, ArkanoiD wrote:
On Fri, Apr 29, 2011 at 10:22:45AM +0200, Claudio Telmon wrote:
Proxies have been mostly put on top of an operating system's tcp/ip
stack, but I wouldn't say that this is a benefit, it's just simpler.
Actually it *IS* a benefit. By eliminating direct packet flow you do not
need to care about bad things sneaking in TCP and below, actually it is the only
way to *reliably* ensure that we see similar data on the firewall and the endpoint.
I agree, but I was just saying that using the TCP/IP stack of an OS is
simpler than building a "stripped down" stack that only supports the
proxy needs, non even including e.g. the option to route packets, or to
support the many protocols supported by most current OS.
ciao
- Claudio
--
Claudio Telmon
claudio@xxxxxxxxxx
http://www.telmon.org
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- Prev by Date: Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?
- Next by Date: Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?
- Previous by thread: Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?
- Next by thread: Re: [fw-wiz] Proxies, opensource and the general market: what's wrong with us?
- Index(es):
Relevant Pages
|
