Security Basics mailing list archives
RE: statefull inspection FW and hackers
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 20 Aug 2008 10:15:13 -0700
Statefulness doesn't help with SYN port scans -- that much is correct. However, some attacks may depend on violating the normal state transitions or sequencing of TCP traffic, or on scanning with other sorts of packets -- I see unsolicited SYN-ACK packets all the time. (Those are probably just responses to spoofed SYNs, but I can't know that for certain. I'm not sure what a scan with RST or FIN packets would reveal.)

Most of the stateful firewalls I've seen also do inspection of FTP control traffic, so that FTP data sessions on negotiated ports can be allowed without leaving masses of high-numbered ports open all the time. An awful lot of junk/noise can be filtered out by that.

David Gillett
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Juan B
Sent: Tuesday, August 19, 2008 10:05 PM
To: security basics
Subject: statefull inspection FW and hackers

Hi,

Can someone please explain why stateful inspection FW helps against hackers? I know that those FWs keep track of the sessions, but I don't understand how the feature might help against a port scan from the internet or other ways to mitigate hackers' attacks.

Thanks
Juan
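
A toy model of the state tracking and FTP control inspection described in the reply above, added here as an illustration; it is not code from the thread or from any firewall product. The class, the single-published-port policy, the passive-mode handling and the documentation addresses are all assumptions.

```python
import re
ALLOWED_INBOUND_PORTS = {21}  # assumed policy: only FTP control is published
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class StatefulFilter:
    def __init__(self):
        self.conns = {}        # (client, cport, server, sport) -> handshake state
        self.pinholes = set()  # (client, server, port) learned from FTP control

    def inbound(self, src, sport, dst, dport, flags):
        """Verdict for a packet arriving from the outside."""
        key = (src, sport, dst, dport)
        if flags == "S":
            hole = (src, dst, dport)
            if dport in ALLOWED_INBOUND_PORTS or hole in self.pinholes:
                self.pinholes.discard(hole)  # a pinhole admits one connection
                self.conns[key] = "SYN"
                return "accept"
            return "drop"
        state = self.conns.get(key)
        if state == "SYN_ACK" and flags == "A":
            self.conns[key] = "ESTABLISHED"  # handshake completed in order
            return "accept"
        if state == "ESTABLISHED":
            return "accept"
        return "drop"  # SYN-ACK, FIN, RST or ACK that fits no tracked session

    def outbound(self, src, sport, dst, dport, flags, payload=""):
        """Verdict for a packet leaving the protected server."""
        key = (dst, dport, src, sport)
        state = self.conns.get(key)
        if state == "SYN" and flags == "SA":
            self.conns[key] = "SYN_ACK"
            return "accept"
        if state == "ESTABLISHED":
            m = PASV_RE.match(payload) if sport == 21 else None
            if m:  # trust the packet's source address, not the one in the payload
                port = int(m.group(5)) * 256 + int(m.group(6))
                self.pinholes.add((dst, src, port))
            return "accept"
        return "drop"

def demo():
    # Constructed traffic using documentation addresses; returns the verdicts.
    fw, c, s = StatefulFilter(), "198.51.100.7", "192.0.2.10"
    return [fw.inbound(c, 40000, s, 21, "S"),     # SYN probe of the open port
            fw.inbound(c, 40001, s, 50000, "S"),  # SYN to an unpublished port
            fw.inbound(c, 80, s, 33000, "SA"),    # unsolicited SYN-ACK
            fw.inbound(c, 40002, s, 21, "F")]     # FIN with no session
```

The SYN to the published port is accepted with or without state tracking, which matches the point that statefulness does not stop a SYN scan; the out-of-state packets are the ones it filters.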