[fw-wiz] Firewalls that generate new packets..

jdgorin at computer.org jdgorin at computer.org
Tue Nov 27 13:21:19 EST 2007


> Marcus J. Ranum wrote:
[...]
> Last topic: "inspection"  The term "inspection" has been
> successfully glued onto these devices by marketing
> weasels for over a decade. Can anyone tell me what
> "inspection" is going on? What is inspected, and how, and
> what decisions are made as a result of that inspection?
>
> I can easily enumerate the "inspection" done by early
> Checkpoint firewalls. It was "inspecting" the FTP command
> stream for lines beginning with "PORT...." and dynamically
> opening a return-hole rule for the ( source, destination ) pair.

I also remember that early Checkpoint firewalls broke FTP connections if the PORT
command and the PORT arguments were sent in different packets (back in those
old times, some FTP gateways did that kind of trick).
That was deep but not smart inspection!

New products, new guys in town, and always the same trouble... Nothing really
new on the Internet security side for more than 10 years!
Some old-fashioned minds and ancient lurkers might have survived this (no)security era
;)


JDG
"Reality is that which, when you stop believing in it, doesn't go away."
Philip K. Dick
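
The split-PORT failure described in the message above, as an added example that is not part of the original post and is not Checkpoint's code: a per-packet matcher next to one that buffers the FTP control channel and parses only complete CRLF-terminated lines. The function names, the `MAX_LINE` limit and the sample segments (documentation address 192.0.2.10) are constructed for illustration.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959); the data port is p1*256 + p2.
PORT_RE = re.compile(rb"^PORT ((?:\d{1,3},){5}\d{1,3})$", re.I)
MAX_LINE = 512  # assumed cap on an unterminated control-channel line


def parse_port(line):
    """Return (ip, port) for one complete PORT command line, else None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(x) for x in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def inspect_per_packet(segments):
    """Naive inspection: every TCP segment is matched in isolation."""
    found = []
    for seg in segments:
        for line in seg.split(b"\r\n"):
            result = parse_port(line)
            if result:
                found.append(result)
    return found


def inspect_stream(segments):
    """Reassemble the control stream and parse only CRLF-terminated lines."""
    buf, found = b"", []
    for seg in segments:
        buf += seg
        while b"\r\n" in buf:
            line, buf = buf.split(b"\r\n", 1)
            result = parse_port(line)
            if result:
                found.append(result)
        if len(buf) > MAX_LINE:
            buf = b""  # fail closed: oversized partial line opens nothing
    return found


# Constructed sample segments for the FTP control channel.
WHOLE = [b"PORT 192,0,2,10,4,10\r\n"]
SPLIT_AFTER_VERB = [b"PORT ", b"192,0,2,10,4,10\r\n"]
SPLIT_MID_ARGS = [b"PORT 192,0,2,10,4,1", b"0\r\n"]
```

With the verb and arguments in separate segments, the per-packet matcher never sees a PORT line, so no return rule is created and the data connection fails. With a split inside the arguments, it derives a port from the truncated text, which is why matching belongs on reassembled lines.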


