Hi,

On Tue, Nov 27, 2007 at 07:55:05PM -0500, Marcus J. Ranum wrote:

> Or is it a device that does security at higher layers,
> including some layer-7 awareness? If it's doing layer-7
> stuff, can it be excused from worrying about fragment
> re-assembly (how could it possibly?) or re-ordering?

How can it do any useful stuff on layer-7 without reassembling
the _resulting_ data stream first?

Think of overlapping fragments or Michael Olsson's clever partial
ACK attack to FTP ...

Well, I know that you know ... but what's the point of your above
statement, then?

Kind regards,
Patrick M. Hausen
Head of Networks and Security
-- 

punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de http://www.punkt.de
Managing director: Jürgen Egeling, AG Mannheim 108285
firewall-wizards mailing list
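The overlapping-fragment case raised in the message above, as an added worked example (not code from the original post, and it does not model the partial-ACK FTP attack): a simulated IP-fragment reassembler with three policies, "first" (bytes already written win), "last" (a later fragment overwrites), and "reject" (any overlap is an error). The attacker's fragments, the `RETR` command and the `secret` signature are constructed for the demonstration; the policy names are simplifications and are not claimed to match any particular operating system. The point it shows is the one the message makes: a layer-7 inspector that reassembles with a policy different from the endpoint's sees a different command than the endpoint does, so it cannot be excused from getting reassembly right.

```python
"""Overlapping IP-fragment reassembly: why a layer-7 inspector must
reassemble with the same policy as the endpoint it protects.
Constructed example; not code from the original mailing-list post."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Fragment:
    offset: int    # byte offset of this fragment within the datagram
    data: bytes


def reassemble(fragments: Iterable[Fragment], policy: str) -> bytes:
    """Reassemble fragments into one datagram.

    policy = "first":  bytes already written win on overlap
    policy = "last":   a later fragment overwrites earlier bytes
    policy = "reject": any overlap is an error (the safe middlebox choice)
    Raises ValueError on an unknown policy, a rejected overlap, or a
    hole left in the datagram.
    """
    frags: List[Fragment] = list(fragments)
    if policy not in ("first", "last", "reject"):
        raise ValueError(f"unknown policy {policy!r}")
    total = max(f.offset + len(f.data) for f in frags)
    buf = bytearray(total)
    filled = bytearray(total)          # 1 where a byte has been written
    for frag in frags:
        for i, byte in enumerate(frag.data):
            pos = frag.offset + i
            if filled[pos]:
                if policy == "reject":
                    raise ValueError(f"overlapping fragment at byte {pos}")
                if policy == "first":
                    continue           # keep the byte that arrived first
            buf[pos] = byte
            filled[pos] = 1
    if not all(filled):
        raise ValueError("hole in reassembled datagram")
    return bytes(buf)


# Constructed attacker input: the first fragment carries a benign FTP
# command; the second overlaps bytes 5..10 and rewrites the file name.
EVASION_FRAGMENTS = [
    Fragment(0, b"RETR public\r\n"),
    Fragment(5, b"secret"),
]

# Hypothetical content signature the inspector is configured to block.
BLOCKED = (b"secret",)


def inspector_verdict(fragments: Iterable[Fragment], policy: str) -> bool:
    """True if the reassembled command matches a blocked signature."""
    stream = reassemble(fragments, policy)
    return any(sig in stream for sig in BLOCKED)


def policies_disagree(fragments: Iterable[Fragment]) -> bool:
    """True when 'first' and 'last' reassembly yield different data,
    i.e. an inspector using the wrong policy can be evaded."""
    frags = list(fragments)
    return reassemble(frags, "first") != reassemble(frags, "last")


if __name__ == "__main__":
    for pol in ("first", "last"):
        print(pol, reassemble(EVASION_FRAGMENTS, pol),
              "blocked" if inspector_verdict(EVASION_FRAGMENTS, pol) else "allowed")
    print("policies disagree:", policies_disagree(EVASION_FRAGMENTS))
```

With the "first" policy the inspector reassembles `RETR public` and lets the datagram through; an endpoint using the "last" policy reassembles `RETR secret`. A device that cannot know the endpoint's policy has only one sound option, which the "reject" policy models: refuse overlapping fragments outright instead of guessing.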