RE: A firewall Question

From: Andrew Lennon (alennon_uk@xxxxxxxxx)
Date: Fri Oct 12 2001 - 17:00:50 GMT-3


   
Hmmm,

After thinking about this, let's have a laugh.

Marketing bullsh*t showing their ignorance.

If it is a device which sits on layer 2, it sits on the same broadcast
domain as its victims (let's call them that) and needs to know every MAC
within its "zone" (this could be a trunk port, if the NIC is ISL or
dot1q aware) unless it sits on a 2-way span port and learns MACs by
flooding and getting responses on a regular basis (extremely network
friendly as not all PCs are sending all the time) as people do move
around with PCs. Then it responds to those sending hosts somehow
requesting a retransmission and then having time to process a rule and
then either not responding, or doing so, depending on the rule, all on a
non-deterministic broadcast based network, and done on every packet!!!!

If it is a layer 3 device, then it does the usual stuff etc.

It is amazing some suckers actually swallow this crap.

Andy

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Miller, Nathan - Perot
Sent: 12 October 2001 18:41
To: 'louie kouncar'; ccielab@groupstudy.com
Subject: RE: A firewall Question

Check Point will tell you that their product sits between layer 2 and
layer 3. It reads packets after they hit their layer 2 destination but
before they are passed up to the layer 3 component of the network stack.
If someone is suggesting that there is a firewall product that filters
based on layer 2 information I guess that I do not see much use for that
anywhere other than sitting on a LAN segment doing packet (frame)
filtering by MAC address. If this is the case I think that this can be
done by ACL on a router provided the router can keep up.

Nathan

-----Original Message-----
From: louie kouncar [mailto:lkouncar@UU.NET]
Sent: Friday, October 12, 2001 10:02 AM
To: ccielab@groupstudy.com
Subject: A firewall Question

All,

I have been working with Check Point firewall for a while, and just
today I heard a guy say that there is a kind of firewall that is a
layer 2 device, anyone can comment on that please....

Thank you

Louie J. Kouncar CCIE #7994


