Firewall Wizards: Re: Rationale of the great DMZ

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: Rationale of the great DMZ

From: "Steven M. Bellovin" <smb () research att com>
Date: Sat, 13 Jul 2002 11:50:44 +0900

In message <Pine.LNX.4.44.0207101323470.23014-100000 () adams patriot net>, Paul R
obertson writes:

I've always been of the opinion that stats should be gathered off the 
network by a machine that doesn't have transmit capability (either the 
cable doesn't have a TX wire, or the Ethernet driver for the listening NIC 
doesn't have that code.)


There are actually commercial devices to do that -- the FBI uses one 
with Carnivore...

                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com ("Firewalls" book)


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

Rationale of the great DMZ Scott, Richard (Jul 10)
- Re: Rationale of the great DMZ Paul Robertson (Jul 10)
- <Possible follow-ups>
- RE: Rationale of the great DMZ Noonan, Wesley (Jul 10)
- Re: Rationale of the great DMZ Steven M. Bellovin (Jul 13)
  - Network "tap" (was Re: Rationale of the great DMZ) firewalls (Jul 18)