Re: suggestions on router w/firewall

From: Leythos (void_at_nowhere.org)
Date: 11/07/04 

Date: Sun, 07 Nov 2004 01:58:44 GMT

In article <AUejd.18738$6q2.16252@newssvr14.news.prodigy.com>,
CZ@no99spam.com says...
> My wording for the above would be:
> Some end user NAT-router products only have simple packet filtering (if even
> that) for a firewall (some have SPI, which appears to be DoS protection for
> the WAN port).

I see now, and this is where we differ, I would never make the mistake
of using NAT, even with SPI, as a firewall method. You continue to
describe standard NAT (with or without SPI) as a firewall service.

> A simple packet filtering firewall can only make a forward/drop decision
> based on static rules and info in the packet headers at OSI layer 3 & 4
> (primarily IP address & port #).

What you are describing is not a property of a firewall, it's a property
of Port Forwarding, and while Firewalls can forward ports, port
forwarding does not make them firewalls.

The NAT device vendors seem hell bent on changing the definition of what
a firewall is, and as far as I can see, the only reason for it is to
increase sales. a device that can't tell the difference between HTTP and
FTP is not a firewall. 

-- 
-- 
spamfree999@rrohio.com
(Remove 999 to reply to me)

Relevant Pages

  • Re: Stateful Packet Inspection Firewall
    ... you need a router with NAT to establish multiple machines to use one public ... An SPI firewall will help to keep out hackers/crackers and you will ... not application based but port based. ...
    (comp.security.firewalls)
  • Re: Plusnet 2Mbps connection
    ... >> Stateful Packet Inspection (SPI). ... The NAT firewall hides computers on ... >> through the firewall to the connected computers. ...
    (uk.people.silversurfers)
  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CEICW fails at firewall config
    ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
    (microsoft.public.windows.server.sbs)
Quantcast