[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall Informer

On Sun, Feb 23, 2003 at 05:47:18PM -0000, Matt Foster wrote:
> Gentlemen,
>

Glad to see this wasn't just fire & forget SPAM.  

It still seems pretty off topic for this list.  
 
Your screen shot sure looks like a M$ application, does this thing run
natively on Debian?

> Just to let you know Firewall Informer transmits network traffic

Scary name.  It conjures images of seedy double-agents "informing" on
their governments.

> between two network cards on a standard windows PC, this allows it to

Ah, a "standard windows PC".  I assume the Informer won't run on a
standard UNIX PC then?

> replay a true client / server stateful conversation specifying any

So, it can record and replay network conversation?

> source and destination IP addresses and port information, using any
> point to point protocol. This testing is performed without protocols

Does this mean the Informer can only deal with PPP?  That seems somewhat
limited?  According to this;

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ppp.htm#xtocid5 

	"PPP is capable of operating across any DTE/DCE interface."

I'm not sure if a standard PC network card counts as a DTE/DCE
interface.  However, according to this document I guess you could use
the AUI port.

http://www.patton.com/technotes/about_dce-dte_for_ethernet.pdf

> bound to either interface. This allows any inline packet filtering
> device to be tested to accurately to prove what can get through and
> what it blocked. Due to the configuration, testing can be performed
> bi-directionally allowing for an "outside in & inside out" view.
> 

If I am interpreting your diagrams correctly it would seem that your
device "short circuits" the firewall?  

Your page states;

"Under normal circumstances connecting a single device into both sides
of a firewall would constitute a significant risk and one that typically
would not be allowed.  We negate that problem thanks to our ability to
send and receive packets without the need for protocols to be bound to
the cards."

http://www.blade-software.com/FWInformer.htm

So, I am to trust your engineer's ability to build a bugless secure
product? 

> Currently the application is being used by both government, corporate
> and consulting organizations.

I don't really consider governmental use to be a resounding
recommendation.  After all the US military standardized on Windows NT
demonstrating that robustness and security are not a primary concern in
governmental decisions.

Also, www.blade-software.com resolves to;

tjp@shadow:./blade>host www.blade-software.com
www.blade-software.com  CNAME   sub.hosting.ntl.com
sub.hosting.ntl.com     A       62.253.161.10

Whilst, blade-software.com resolves to the same IP 

tjp@shadow:./blade>host blade-software.com
blade-software.com      A       62.253.161.10

However, if you go to http://blade-software.com/ your service provider's
virtual domain for this resolves to their home page.  Probably not what
you want.

If you feel any of this was useful you can send some resources my way
via this page.  http://parvu.net/support.html

P.S. Any chance you could set the line wrap on your email client to
something reasonable like 80 characters?

<<>><><<>><><<>><<>><><<>><><<>><<>><><<>><><<>><<>><><<>><><<>><<>><><<>><><<>>

Ted Parvu <ted@parvu.net>					http://parvu.net
Reply to: