Frozen Fido : RU.UNIX.BSD : Re: Passive FTP

ru.unix.bsd

 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Victor Sudakov                       2:5020/400     23 Aug 2005  13:56:51
 To : Alexey G Misyuremko
 Subject : Re: Passive FTP
 --------------------------------------------------------------------------------

 Alexey G Misyuremko wrote:
 
 >> 
 >>>есть pf, есть ipfw2 которые понимают, что такое statefull
 >> 
 >> 
 >> Понимание ipfw очень примитивно. Hазвать это stateful inspection
 >> можно только издеваясь. Оно даже дырочку для простой TCP сессии
 >> закрывает по таймауту, вместо отслеживания состояния соединения.
 >> Hе говоря о более сложных протоколах.
 >> 
 > 
 > за ipfw2 keepstate не скажу, а вот pf вполне правильно
 > state отслеживает.
 
 Про ipf спору нет, TCP сессии он отслеживает грамотно. 
 Hо всё равно не знает никаких протоколов прикладного уровня, кроме
 полудокументированного FTP. Даже rsh нет, а казалось бы куда уж
 проще.
 
 > Конечно, внутрь пакета не залезть, но для того
 > чтобы пропустить соединения только из внутренней сети
 > во внешний мир или отсечь портсканеров/нет сканеров - вполне достойный
 > инструмент.
 
 Если у тебя во внутренней сети, например, IP телефоны или TFTP 
 клиенты, или тебе нужно дергать некое находящееся снаружи устройство
 по rsh - то совершенно негодный инструмент. 
 
 > 
 > 
 >> 
 >>>imho IpTables FreeBSD ничем не уперлась.
 >> 
 >> iptables или что другое, а stateful filter на FreeBSD нужен очень
 >> сильно, иначе скоро никто не станет ее всерьез рассматривать в
 >> качестве МСЭ. Ceterum censeo Carthaginem esse delendam.
 >> 
 > 
 > imho для этого анализ на базе CPU, вернее на базе PC based архитектура,
 > серьездно тоже никто рассматривать не будет (в моем понимании - серьездно
 > это анализ 1Mpps)
 
 Cisco PIX вполне работает на i386 архитектуре. Видимо, ничего особо
 страшного нет.
 
 > 
 >> ЗЫ Hекоторый задел stateful inspection есть в libalias. Hе знаю, можно
 >> ли это использовать для написания МСЭ.
 >> 
 > 
 >  ЗЫ: В STATEFUL INSPECTION я не вкладываю фукционала анализа
 > на уровне приложений.
 
 А что вкладываешь?
 
 -- 
 Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
 2:5005/49@fidonet http://vas.tomsk.ru/
 --- ifmail v.2.15dev5.3
  * Origin: AO "Svyaztransneft", SibPTUS (2:5020/400)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
Re: Passive FTP	Ivan Poplavsky	16 Aug 2005 22:44:21
Re: Passive FTP	Alexey G Misyuremko	23 Aug 2005 11:28:43
Re: Passive FTP	Victor Sudakov	23 Aug 2005 11:52:04
Re: Passive FTP	Alexey G Misyuremko	23 Aug 2005 12:16:45
Re: Passive FTP	Victor Sudakov	23 Aug 2005 13:56:51
Passive FTP	Slawa Olhovchenkov	23 Aug 2005 14:11:28
Re: Passive FTP	Victor Sudakov	23 Aug 2005 15:36:43
Passive FTP	Alex Semenyaka	23 Aug 2005 19:40:46
Re: Passive FTP	Victor Sudakov	24 Aug 2005 06:52:05
Passive FTP	Alex Semenyaka	24 Aug 2005 12:06:04
Passive FTP	Slawa Olhovchenkov	24 Aug 2005 07:42:42
Passive FTP	Vladimir Kurtukov	24 Aug 2005 11:46:37
Passive FTP	Alex Semenyaka	24 Aug 2005 12:19:28
Passive FTP	Slawa Olhovchenkov	25 Aug 2005 09:50:48
Passive FTP	Alex Semenyaka	25 Aug 2005 13:01:16
Passive FTP	Slawa Olhovchenkov	25 Aug 2005 16:10:20
Passive FTP	Alex Semenyaka	25 Aug 2005 17:28:16
Passive FTP	Slawa Olhovchenkov	25 Aug 2005 22:30:26
Passive FTP	Slawa Olhovchenkov	24 Aug 2005 07:13:28
Re: Passive FTP	Victor Sudakov	24 Aug 2005 09:22:10
Re: Passive FTP	Spartak Radchenko	23 Aug 2005 14:39:51
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 16:40:52
Re: Passive FTP	Victor Sudakov	23 Aug 2005 21:16:57
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 23:04:53
Re: Passive FTP	Victor Sudakov	24 Aug 2005 06:42:02
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 11:50:30
Passive FTP	Alex Semenyaka	24 Aug 2005 12:22:56
Re: Passive FTP	Alexey G Misyuremko	24 Aug 2005 14:15:54
Re: Passive FTP	Victor Sudakov	24 Aug 2005 14:32:09
Re: Passive FTP	Alexey G Misyuremko	24 Aug 2005 14:48:31
Passive FTP	Alex Semenyaka	24 Aug 2005 17:10:16
Passive FTP	Slawa Olhovchenkov	24 Aug 2005 07:45:42
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 16:39:18
Re: Passive FTP	Alexey G Misyuremko	23 Aug 2005 17:02:32
Re: Passive FTP	Victor Sudakov	23 Aug 2005 21:16:58
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 23:14:33
Re: Passive FTP	Victor Sudakov	24 Aug 2005 07:07:14
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 11:56:36
Re: Passive FTP	Victor Sudakov	24 Aug 2005 13:06:53
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 13:57:57
Re: Passive FTP	Alexey G Misyuremko	24 Aug 2005 14:18:28
Passive FTP	Alex Semenyaka	24 Aug 2005 13:07:46
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 15:04:10
Passive FTP	Alex Semenyaka	24 Aug 2005 17:00:16
Re: Passive FTP	Gleb Smirnoff	25 Aug 2005 12:10:00
Passive FTP	Alex Semenyaka	24 Aug 2005 13:03:28
Re: Passive FTP	Gleb Smirnoff	24 Aug 2005 15:00:08
Passive FTP	Alex Semenyaka	24 Aug 2005 16:46:14
Re: Passive FTP	Gleb Smirnoff	25 Aug 2005 12:05:49
Passive FTP	Alex Semenyaka	25 Aug 2005 13:06:06
Re: Passive FTP	Gleb Smirnoff	25 Aug 2005 17:05:45
Passive FTP	Alex Semenyaka	25 Aug 2005 17:57:42
Re: Passive FTP	Eugene Grosbein	25 Aug 2005 23:04:05
Passive FTP	Alex Semenyaka	25 Aug 2005 21:52:48
Re: Passive FTP	Eugene Grosbein	26 Aug 2005 09:16:42
Passive FTP	Alex Semenyaka	26 Aug 2005 12:14:08
Re: Passive FTP	Eugene Grosbein	26 Aug 2005 18:17:57
Passive FTP	Alex Semenyaka	26 Aug 2005 17:27:06
Re: Passive FTP	Eugene Grosbein	26 Aug 2005 22:21:02
Passive FTP	Alex Semenyaka	26 Aug 2005 20:21:04
Re: Passive FTP	Eugene Grosbein	27 Aug 2005 02:13:20
Passive FTP	Alex Semenyaka	27 Aug 2005 13:54:36
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 17:29:28
Passive FTP	Alex Semenyaka	28 Aug 2005 17:01:16
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 23:31:31
Passive FTP	Alex Semenyaka	29 Aug 2005 13:16:40
Re: Passive FTP	Eugene Grosbein	29 Aug 2005 22:53:05
Passive FTP	Alex Semenyaka	30 Aug 2005 13:05:48
Re: Passive FTP	Sergey Skvortsov	26 Aug 2005 16:27:19
Passive FTP	Alex Semenyaka	26 Aug 2005 17:58:10
Re: Passive FTP	Sergey Skvortsov	26 Aug 2005 23:39:28
Passive FTP	Alex Semenyaka	27 Aug 2005 14:15:52
Passive FTP	Slawa Olhovchenkov	27 Aug 2005 19:31:30
Re: Passive FTP	Kirill Ponomarew	27 Aug 2005 22:30:31
Re: Passive FTP	Sergey Skvortsov	30 Aug 2005 13:59:05
Passive FTP	Alex Semenyaka	30 Aug 2005 16:05:26
Re: Passive FTP	Sergey Skvortsov	30 Aug 2005 18:15:14
Passive FTP	Alex Semenyaka	30 Aug 2005 21:22:00
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:38:52
Passive FTP	Alex Semenyaka	30 Aug 2005 21:25:06
Re: Passive FTP	Gleb Smirnoff	26 Aug 2005 16:36:23
Passive FTP	Alex Semenyaka	26 Aug 2005 18:22:00
Re: Passive FTP	Eugene Grosbein	27 Aug 2005 02:15:57
Passive FTP	Alex Semenyaka	27 Aug 2005 14:09:36
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 17:32:02
Passive FTP	Alex Semenyaka	28 Aug 2005 17:04:20
Re: Passive FTP	Valentin Davydov	28 Aug 2005 19:50:28
Re: Passive FTP	Kirill Ponomarew	28 Aug 2005 20:40:25
Passive FTP	Slawa Olhovchenkov	30 Aug 2005 16:00:50
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 16:20:19
Passive FTP	Slawa Olhovchenkov	30 Aug 2005 16:30:24
Re: Passive FTP	Gleb Smirnoff	30 Aug 2005 17:56:48
Passive FTP	Alex Semenyaka	28 Aug 2005 19:20:52
Re: Passive FTP	Paul Argentoff	30 Aug 2005 15:35:32
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 19:10:13
Re: Passive FTP	Paul Argentoff	30 Aug 2005 16:36:40
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 20:22:30
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:26:19
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 22:38:04
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:06:30
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:10:49
Passive FTP	Max Khon	31 Aug 2005 14:34:38
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 16:32:13
Re: Passive FTP	Gleb Smirnoff	31 Aug 2005 12:58:43
Passive FTP	Slawa Olhovchenkov	31 Aug 2005 13:08:42
Re: Passive FTP	Gleb Smirnoff	31 Aug 2005 13:32:41
Re: Passive FTP	Andrew Filonov	31 Aug 2005 18:39:40
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:27:49
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 22:53:56
Passive FTP	Alex Semenyaka	30 Aug 2005 21:53:54
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 11:35:07
Passive FTP	Alex Semenyaka	30 Aug 2005 22:00:42
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:26:46
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:21:18
Passive FTP	Alex Semenyaka	30 Aug 2005 21:34:56
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 08:54:08
Passive FTP	Alex Semenyaka	31 Aug 2005 22:31:26
Passive FTP	Alex Semenyaka	31 Aug 2005 22:41:18
Passive FTP	Alex Semenyaka	01 Sep 2005 01:29:58
Passive FTP	Alex Semenyaka	30 Aug 2005 21:31:10
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 08:53:41
Passive FTP	Max Khon	31 Aug 2005 14:31:48
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 16:28:14
Passive FTP	Alex Semenyaka	31 Aug 2005 22:26:06
Re: Passive FTP	Moderator of RU.UNIX.BSD	31 Aug 2005 23:54:16
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 09:28:29
Passive FTP	Alex Semenyaka	01 Sep 2005 10:26:30
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 16:50:38
Passive FTP	Max Khon	01 Sep 2005 15:49:14
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 19:04:17
Passive FTP	Alex Semenyaka	31 Aug 2005 22:41:22
Passive FTP	Alex Semenyaka	01 Sep 2005 01:29:56
Re: Passive FTP	Gleb Smirnoff	30 Aug 2005 17:54:17
Passive FTP	Alex Semenyaka	30 Aug 2005 21:37:12
Re: Passive FTP	Gleb Smirnoff	31 Aug 2005 13:16:39
Passive FTP	Alex Semenyaka	31 Aug 2005 23:28:58
Re: Passive FTP	Gleb Smirnoff	01 Sep 2005 04:22:42
Re: Passive FTP	Valentin Nechayev	01 Sep 2005 10:54:18
Passive FTP	Slawa Olhovchenkov	01 Sep 2005 11:15:00
Re: Passive FTP	Gleb Smirnoff	01 Sep 2005 11:39:34
Passive FTP	Alex Semenyaka	01 Sep 2005 12:14:42
Passive FTP	Max Khon	01 Sep 2005 16:18:40
Passive FTP	Alex Semenyaka	01 Sep 2005 10:10:12
Re: Passive FTP	Gleb Smirnoff	01 Sep 2005 13:28:41
Passive FTP	Slawa Olhovchenkov	01 Sep 2005 08:39:14
Passive FTP	Alex Semenyaka	01 Sep 2005 10:45:02
Passive FTP	Slawa Olhovchenkov	01 Sep 2005 13:09:44
Passive FTP	Alex Semenyaka	30 Aug 2005 16:18:10
Re: Passive FTP	Paul Argentoff	30 Aug 2005 18:42:52
Passive FTP	Alex Semenyaka	30 Aug 2005 21:25:38
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:35:31
Passive FTP	Alex Semenyaka	31 Aug 2005 23:15:58
Re: Passive FTP	Paul Argentoff	01 Sep 2005 12:29:05
Passive FTP	Alex Semenyaka	01 Sep 2005 12:56:00
Re: Passive FTP	Paul Argentoff	01 Sep 2005 12:35:58
Passive FTP	Alex Semenyaka	01 Sep 2005 15:02:10
Passive FTP	Ilya Kulagin	31 Aug 2005 12:31:30
Passive FTP	Max Khon	29 Aug 2005 17:43:34
Re: Passive FTP	Eugene Grosbein	28 Aug 2005 23:30:07
Passive FTP	Alex Semenyaka	29 Aug 2005 13:16:12
Re: Passive FTP	Eugene Grosbein	29 Aug 2005 22:50:59
Passive FTP	Alex Semenyaka	30 Aug 2005 13:26:18
Re: Passive FTP	Eugene Grosbein	30 Aug 2005 19:02:03
Passive FTP	Alex Semenyaka	30 Aug 2005 20:51:36
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 13:03:47
Re: Passive FTP	Paul Argentoff	31 Aug 2005 10:54:20
Re: Passive FTP	Eugene Grosbein	31 Aug 2005 14:49:49
Re: Passive FTP	Paul Argentoff	31 Aug 2005 13:06:27
Passive FTP	Alex Semenyaka	31 Aug 2005 23:47:30
Passive FTP	Alex Semenyaka	31 Aug 2005 23:08:28
Re: Passive FTP	Eugene Grosbein	01 Sep 2005 09:55:29
Passive FTP	Alex Semenyaka	01 Sep 2005 10:33:24
Re: Passive FTP	Paul Argentoff	01 Sep 2005 12:11:49
Passive FTP	Alex Semenyaka	01 Sep 2005 15:05:24
Re: Passive FTP	Andrew Filonov	24 Aug 2005 12:36:29
Re: Passive FTP	Victor Sudakov	24 Aug 2005 13:06:53
Passive FTP	Alex Semenyaka	23 Aug 2005 19:45:26
Re: Passive FTP	Gleb Smirnoff	23 Aug 2005 23:19:39
Passive FTP	Alex Semenyaka	23 Aug 2005 22:49:56
Re: Passive FTP	Paul Argentoff	29 Aug 2005 13:44:50
Re: Passive FTP	Valentin Nechayev	29 Aug 2005 14:43:43
Passive FTP	Alex Semenyaka	29 Aug 2005 15:16:40
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 01:51:48
Passive FTP	Alex Semenyaka	30 Aug 2005 13:37:34
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 16:10:09
Passive FTP	Alex Semenyaka	30 Aug 2005 20:59:00
Re: Passive FTP	Valentin Nechayev	30 Aug 2005 16:19:18
Passive FTP	Alex Semenyaka	30 Aug 2005 21:07:42
Passive FTP	Alex Semenyaka	29 Aug 2005 15:09:00
Re: Passive FTP	Valentin Nechayev	29 Aug 2005 14:29:29
Passive FTP	Alex Semenyaka	29 Aug 2005 15:06:54

Архивное /ru.unix.bsd/916763942a37.html, оценка 2 из 5, голосов 10