| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f85a2af2f92b4ec92ddfa856996aeb9d@phocean.net> Date: Wed, 11 May 2011 13:05:21 +0200 From: phocean <0x90@...cean.net> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: Sony: No firewall and no patches Wrong. Passive FTP is the first example that comes to my mind where inspection (based on statefulness) is needed. Also, if you filter (and you should) both inbound and outbound traffic, how do you allow legitimate responses to the server? In many cases and network designs, statefulness also allows to build slightly shorter and more efficient filtering rules. This way, a step toward simplicity is often a step toward security. On Wed, 11 May 2011 09:54:59 +0000, Dobbins, Roland wrote: > On May 11, 2011, at 4:52 PM, phocean wrote: > >> I want to read how you justify that stateful hardware is useless to >> check sessions of TCP and upper protocols. > > > In front of servers, where there is no state to inspect. > > > ----------------------------------------------------------------------- > Roland Dobbins <rdobbins@...or.net> // <http://www.arbornetworks.com> > > The basis of optimism is sheer terror. > > -- Oscar Wilde > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists