Great Circle Associates Firewalls
(September 1995)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Frame Relay firewalls???
From: Anton J Aylward <anton @ the-wire . com>
Date: Fri, 29 Sep 1995 12:23:36 -0400
To: Ken Hardy <ken @ bridge . com>
Cc: firewalls @ GreatCircle . COM

At 10:34 29/9/95 -0500, you wrote:
>Per Anton J Aylward <anton @
 the-wire .
 com>:
>
>>Re your quote: I don't see what packet re-assembly and altency has to do
>>with the trafic being unprotected.
>>Even if your data was in a single packet it could still be hijacked, cloned
>>or whatever.
>
>I believe that the initial quote is not talking about the switches
>themselves, but just to the IP traffic which comes via ATM; the
>company, which obviously has a product to sell and may be skewing
>reality a bit, seems to claim that ordinary IP firewalls need the whole
>IP packet, requiring reassembly.
>
>ATM packets are small and fixed sized -- 5 bytes header and 48 bytes
>payload.  Don't recall details of what I read about IP over ATM (... ),
> but I assume that the IP packets are spread among several
>ATM packets, rather than using IP fragmentation and having an entire IP
>packet, albeit a fragment, in each tiny ATM packet.  (Corrections
>welcome.)
>
That fits in with what I know about ATM.
However, if IP can fragment and re-assemble, and if TCP can hold onto packets 
and do retries so it can get them in order, and this doesn't send people
into kiniptions,
then why should ATM ??

/anton
--
Anton J Aylward
The Strahn and Strachan Group Inc
Information Security Consultants
Voice: (416) 494-8661     Fax: (416) 494-8803


Indexed By Date Previous: Frame Relay firewalls???
From: Jennifer_Bayuk @ notes . pw . com
Next: Re: Choice of secure router software
From: Jennifer_Bayuk @ notes . pw . com
Indexed By Thread Previous: Frame Relay firewalls???
From: Jennifer_Bayuk @ notes . pw . com
Next: Re: Frame Relay firewalls???
From: Ken Hardy <ken @ bridge . com>

Google
 
Search Internet Search www.greatcircle.com