Security Basics mailing list archives
Re: statefull inspection FW and hackers
From: "Adam Mooz" <adam.mooz () gmail com>
Date: Wed, 20 Aug 2008 11:32:40 -0400
A SPI is just a dynamic firewall, so it opens ports for outbound connections, allows inbound connections related to outbound connections, and most importantly, closes unused ports automatically. So, a SPI only indirectly helps against port scans by keeping things closed that don't need to be open.

An example: say you're playing a game. This game needs port 1000 open to connect to its server. So the SPI happily lets this outbound connection in. The server accepts the port but wants port 2000 open to talk to the client in your computer, so the SPI detects this inbound connection is related to the outbound on port 1000, and allows this connection through (opening port 2000).

Now, your friend's game client gets your IP from the server and wants to connect to you on port 3000 (you're hosting the game). Since this is an inbound connection, and you currently have no outbound connections (directly) to your friend, the SPI denies this request.

So with you and your friend unable to connect to each other, you decide to quit this game and try another. When you quit, you close all connections to the server. The SPI detects this change and closes ports 1000 and 2000 respectively.

So, as the SPI dynamically opens and closes ports, this is the protection it provides against hackers and port scans.

-Adam.

On Wed, Aug 20, 2008 at 1:04 AM, Juan B <juanbabi () yahoo com> wrote:
Hi,

Can someone please explain why stateful inspection FW helps against hackers? I know that those FWs keep track of the sessions but I don't understand how the feature might help against a port scan from the internet or other ways to mitigate hackers' attacks.

Thanks
Juan
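
Added example, not part of the original post: a toy state table in Python that replays the game scenario from the reply above (server on port 1000, related connection to port 2000, friend on port 3000) and then probes it the way a port scan would. The class and function names, the local port 50000 and the IP addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
# Added example: toy connection-tracking table, not a real firewall.
# Addresses are constructed (RFC 5737 documentation ranges).
SERVER, FRIEND, SCANNER = "192.0.2.10", "198.51.100.20", "203.0.113.30"

class StatefulFirewall:
    def __init__(self):
        self.flows = set()     # (local_port, remote_ip, remote_port) we initiated
        self.related = set()   # (remote_ip, local_port) pinholes tied to a live flow

    def outbound(self, local_port, remote_ip, remote_port):
        """Outbound traffic is allowed and recorded in the state table."""
        self.flows.add((local_port, remote_ip, remote_port))
        return "ALLOW"

    def expect_related(self, remote_ip, local_port):
        """Open a pinhole only for a peer we already have a flow to."""
        if any(ip == remote_ip for _, ip, _ in self.flows):
            self.related.add((remote_ip, local_port))

    def inbound(self, remote_ip, remote_port, local_port):
        """Inbound is dropped unless it matches tracked state."""
        if (local_port, remote_ip, remote_port) in self.flows:
            return "ALLOW"                      # reply to our own connection
        if (remote_ip, local_port) in self.related:
            return "ALLOW"                      # related to an existing flow
        return "DROP"                           # unsolicited: default deny

    def close(self, remote_ip):
        """Tearing down the session removes its state and pinholes."""
        self.flows = {f for f in self.flows if f[1] != remote_ip}
        self.related = {r for r in self.related if r[0] != remote_ip}

def scan(fw, source_ip, ports):
    """Return the local ports on which a probe from source_ip is allowed."""
    return [p for p in ports if fw.inbound(source_ip, 40000, p) == "ALLOW"]

def scenario():
    fw, log = StatefulFirewall(), []
    log.append(fw.outbound(50000, SERVER, 1000))     # game client -> server:1000
    fw.expect_related(SERVER, 2000)                  # server asks for port 2000
    log.append(fw.inbound(SERVER, 1000, 50000))      # reply on the tracked flow
    log.append(fw.inbound(SERVER, 45000, 2000))      # related connection to 2000
    log.append(fw.inbound(FRIEND, 45000, 3000))      # friend -> 3000, no state
    log.append(scan(fw, SCANNER, range(1, 4001)))    # scan while the game runs
    fw.close(SERVER)                                 # quit the game
    log.append(fw.inbound(SERVER, 45000, 2000))      # pinhole is gone
    return log

if __name__ == "__main__":
    print(scenario())
```

The scan returns an empty list even while ports 50000 and 2000 are in use, because the state entries are keyed to the server's address and not just to the local port number.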