Security Basics mailing list archives

RE: statefull inspection FW and hackers


From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 20 Aug 2008 10:15:13 -0700

  Statefulness doesn't help with SYN port scans -- that much is correct.

  However, some attacks may depend on violating the normal state transitions
or sequencing of TCP traffic, or on scanning with other sorts of packets --
I see unsolicited SYN-ACK packets all the time.  (Those are probably just
responses to spoofed SYNs, but I can't know that for certain.  I'm not sure 
what a scan with RST or FIN packets would reveal.)

  Most of the stateful firewalls I've seen also do inspection of FTP control
traffic, so that FTP data sessions on negotiated ports can be allowed without
leaving masses of high-numbered ports open all the time.  An awful lot of
junk/noise can be filtered out by that.

David Gillett


-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Juan B
Sent: Tuesday, August 19, 2008 10:05 PM
To: security basics
Subject: statefull inspection FW and hackers



Hi,

Can someone please explain why stateful inspection FW helps 
against hackers? I know that those FW keep track of the 
sessions but I don't understand how the feature might help 
against a port scan from the internet or other ways to 
mitigate hackers attacks.

Thanks

Juan
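
The behaviour discussed in this thread, as an added example that is not part of the original messages: a toy Python connection tracker showing that an inbound SYN to a published port passes on the static rule alone, that a SYN-ACK with no matching flow is dropped, and that inspecting an FTP `PORT` command opens a single negotiated data port. All names, addresses and ports are constructed; sequence numbers, timeouts and teardown are left out.

```python
import re

PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

class StatefulFilter:
    """Toy tracker: inside hosts may connect out; inbound needs a rule or state."""
    def __init__(self, published_ports=()):
        self.published = set(published_ports)  # static rule for inbound SYNs
        self.state = {}        # (in_ip, in_port, out_ip, out_port) -> state
        self.pinholes = set()  # (in_ip, in_port, ftp_server_ip) from inspection

    def packet(self, direction, src, sport, dst, dport, flags, payload=b""):
        ends = [(src, sport), (dst, dport)]
        inside, outside = ends if direction == "out" else ends[::-1]
        key = inside + outside
        st = self.state.get(key)
        if flags == "S":                       # new connection attempt
            hole = inside + (outside[0],)
            if direction == "in" and hole in self.pinholes:
                self.pinholes.discard(hole)    # negotiated data port, one use
            elif direction == "in" and dport not in self.published:
                return "DROP"
            self.state[key] = "SYN_" + direction
            return "PASS"
        if flags == "SA" and st not in (None, "SYN_" + direction):
            st = self.state[key] = "ESTABLISHED"   # answers the other side's SYN
        if st != "ESTABLISHED":                    # SYN-ACK/FIN/RST/ACK, no flow
            return "DROP"
        m = PORT_RE.match(payload)
        if m and direction == "out" and dport == 21:
            ip = ".".join(g.decode() for g in m.groups()[:4])
            if ip == src:                      # ignore PORT naming another host
                self.pinholes.add((ip, int(m[5]) * 256 + int(m[6]), dst))
        return "PASS"

C, S = "10.0.0.5", "198.51.100.7"  # constructed inside client, outside FTP server
SAMPLE = [("in", "203.0.113.9", 4000, "10.0.0.2", 80, "S"),     # published port
          ("in", "203.0.113.9", 4001, "10.0.0.2", 5000, "SA"),  # unsolicited
          ("in", S, 20, C, 5001, "S"),                          # not negotiated
          ("out", C, 3000, S, 21, "S"), ("in", S, 21, C, 3000, "SA"),
          ("out", C, 3000, S, 21, "PA", b"PORT 10,0,0,5,19,137\r\n"),
          ("in", S, 20, C, 5001, "S")]                          # now negotiated

def verdicts(packets, published=(80,)):
    fw = StatefulFilter(published)
    return [fw.packet(*p) for p in packets]

if __name__ == "__main__":
    print(verdicts(SAMPLE))
```

The same inbound SYN to port 5001 is dropped before the `PORT` command and passed once after it, which is the "negotiated ports" effect described above.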



      


      


