Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Stateful Proxying?

Stateful Proxying?

From: Small, Jim <jim.small_at_eds.com>
Date: Mon, 17 Mar 2003 17:34:32 -0500

While talking about Firewalls and Proxies, I was asked, can you have a
"Stateful Proxy"?

It seems like a simple enough question, but I was not sure how to answer it.
Typically a Proxy Server doesn't forward IP packets, so it must listen for
any service it proxies and then "proxy" the service. This almost implies
state, doesn't it? But do Proxy servers watch ack and sequence numbers or
"keep state" like a stateful packet filter does? Am I thinking about this
correctly?

If a Proxy Server is "stateful" then the difference between a stateful
packet filter and a stateful proxy becomes small indeed. Would you then
classify the difference as whether or not the proxy server breaks the
connection/circuit and how for up the OSI model it checks and how thoroughly
it checks the protocols for RFC/rules conformance?

I would greatly appreciate any feedback or pointers.

Thanks,
   <> Jim

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Mar 18 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos