| Title: | SEAL |
| Moderator: | GALVIA::SMITH |
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
According to the Internet Firewalls: A White Paper -
"Proxies operate at the application-level, rather than at the network
level. This allows the proxies to examine all of the contextual data
in a packet. In effect, the proxy examines the content of the packet.
By examing all the data packets for each connection, the proxies give
the firewall much more information about the connection. ..."
I know it can tell Source Port, Destination Port. I assume that the
only additional beneficial thing it can do is to ensure that the
checksum is correct. I know it can't tell what this piece of data
will do since it's only a piece of a puzzle. It would need to gather
and store all the pieces to determine if it's a virus or something
destructive.
Anyone know what else it can do by examining the contextual data?
Regards,
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1784.1 | EEMELI::EINAMO | Mon Feb 10 1997 02:07 | 21 | ||
> This allows the proxies to examine all of the contextual data > in a packet. In effect, the proxy examines the content of the packet. > By examing all the data packets for each connection, the proxies give > the firewall much more information about the connection. ..." Every time I say this to customer I feel like I am laying ... because when I say "proxy examines the content of ..." the next question from customer is ... yes like virus scaning java / active-x alerts and mail-snoopping by context and virus cheks for mail-extentions .... cool When I try to examine that for virus scanning you need to collect all packets to do real virus check the customer say that --- lets do it on packet level and drop the conection as soon as virus is detected ... sure you can do that. We are loosing markets for gauntlet,firewall 1 here MARKO | |||||