Firewall Wizards mailing list archives

Re: how to determine whether a firewall is stateful or just a simple packet filter?


From: Eric Vyncke <evyncke () cisco com>
Date: Thu, 14 Mar 2002 18:04:55 +0100

Even easier, run nmap -p0 -sA ... from the public side towards a server on the private side (like an internal web server). Nmap will send a TCP ACK without an established connection. If you receive a RST packet, you are not stateful.

Else, you are at least keeping one state.

But being stateful at layer 4 is more complex than that: do you check sequence numbers? What about IP fragmentation?

And what about L7 states?

There is no easy answer.

-eric

At 09:10 12/03/2002 -0500, Jose Nazario wrote:
On Tue, 12 Mar 2002, ·ç·ç wrote:

> How to determine whether a firewall is stateful or just a simple
> packet filter? Because of my job, I am eager to get clear on it. I would
> very much appreciate it if someone could tell me.

quite simple, really: you can send 'response' packets to stimuli that
never were sent (ie a SYN-ACK) and watch for a response from the target
(ie a RST).

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
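
An added example, not part of the original thread: a toy Python model of why the unsolicited ACK (or SYN-ACK) check discussed above separates a static packet filter from a filter that keeps connection state. The class names, addresses and ports are constructed for illustration, and the model does not cover the sequence-number, fragmentation or L7 questions raised in the reply.

```python
# Toy model (added illustration): neither a real firewall nor nmap.
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: tuple        # (ip, port)
    dst: tuple        # (ip, port)
    flags: frozenset  # e.g. {"SYN"}, {"ACK"}, {"SYN", "ACK"}

def host_reply(seg, listening):
    """Internal host holding no connections, following RFC 793 reset rules."""
    if "RST" in seg.flags:
        return None  # a reset is never answered
    if seg.flags == {"SYN"} and seg.dst[1] in listening:
        return Segment(seg.dst, seg.src, frozenset({"SYN", "ACK"}))
    # Any other segment for a nonexistent connection draws a RST.
    return Segment(seg.dst, seg.src, frozenset({"RST"}))

class StaticFilter:
    """Stateless: matches on destination only, no connection history."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
    def inbound(self, seg):
        return seg.dst in self.allowed
    def outbound(self, seg):
        return True

class StatefulFilter(StaticFilter):
    """Keeps a table of connections opened by a SYN to an allowed service."""
    def __init__(self, allowed):
        super().__init__(allowed)
        self.table = set()
    def inbound(self, seg):
        if seg.dst not in self.allowed:
            return False
        if seg.flags == {"SYN"}:
            self.table.add((seg.src, seg.dst))
            return True
        return (seg.src, seg.dst) in self.table  # ACK needs prior state

def probe(fw, flags, listening=frozenset({80})):
    """Send one segment from outside to a permitted service; return the reply flags seen."""
    seg = Segment(("198.51.100.7", 40000), ("10.0.0.5", 80), frozenset(flags))
    if not fw.inbound(seg):
        return None
    reply = host_reply(seg, listening)
    if reply is None or not fw.outbound(reply):
        return None
    return "+".join(sorted(reply.flags))

def classify(fw):
    """Apply the thread's rule: a RST to a bare ACK means no state is kept."""
    return "not stateful" if probe(fw, {"ACK"}) == "RST" else "keeps at least one state"
```
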


