Firewall Wizards mailing list archives

Re: stealth firewalls
From: ark () eltex ru
Date: Fri, 18 Jan 2002 01:07:44 +0300 (MSK)

The word "firewall" becomes somehow confusing when used in this context.

Actually there are two different tasks and two different classes of devices
that have some similarities but the approach and implementation are
completely different:

"firewalls" that implement simple filtering and basic DoS protection
for large networks and big servers. Those are usually hardware-accelerated
devices that have tricky optimized firmware inside. The main goal is
performance. You place those just behind your border router.

"firewalls" that implement in-depth data inspection, authentication and
access control. General-purpose Unix with some modifications and application
software fits the best. Those are not fast but smart - they are designed
this way. If you say "I have n*K workstations and my firewall cannot
handle the load" it probably means you have done everything wrong.
There should NOT be such a number of workstations homogeneous from
security viewpoint. You probably need more firewalls each protecting
its own department network.

Let's not mix the two.

(I did not mention VPN devices often called firewalls too ;)

YOU (Nate Campi) WROTE:

 Most firewalls hosted on general-purpose UNIX hosts can't handle the 
 large amounts of traffic that many of us would need to throw at it. 
 
 Recently my work needed syn-flood protection for a network where 
 outgoing traffic filled the two 100mbit uplinks, and only dedicated 
 devices could fill this niche. The one they use uses the same
 approach, essentially bridging the traffic.


-- 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

