At 12:36 PM 10/2/97 +0100, you wrote:
>Hello all,
[guilt riddled statement deleted ;)]
>
>This being said here is my question: Is it correct to believe that
>attacks directed against the TCP/IP stack (like the famous (infamous?)
>OOB attack family ) could lead to crash an NT Firewall where a Unix
>based firewall should continue to run?
It really depends on the firewall implementation. In the case of
application proxies running on a NT box using the MS TCP/IP stack, the
answer is a clear yes. The MS TCP/IP stack has a pretty bad track record so
far (that is what you get when you re-invent the wheel ;). There are a few
firewall implementations on NT where a custom driver is bound to the NDIS
NIC driver, effectively circumventing the MS TCP/IP stack, so in this case
the answer is no. The later firewalls are mostly stateful analysis types,
but there is one that does stateful analysis then hands the data directly
to its proxies, so it is a hybrid (pretty interesting).
This is just one of the many interesting questions about using NT as a
firewall platform. I will try and put some of my thoughts together in
future post, because I think it would be really interesting to see what the
general opinion is about NT and firewalls.
>TIA for the input,
>
>Thierry
Dominique Brezinski
----------------------------------------------------
My opinions expressed here, and in any public forum,
are my own and do not represent those of my employer
or its clients. I am an individual.
Received on Oct 02 1997
Intro
