Firewall Wizards mailing list archives
Re: how to determine whether a firewall is stateful or just a simple packet filter?
From: Barney Wolff <barney () databus com>
Date: Fri, 15 Mar 2002 11:20:49 -0500
Not so fast - some things, including some Cisco gear, can be configured to send a reset on behalf of the destination host. I discovered this when my provider had a problem with leaking packets to the wrong DSL link, and whoever got them sent TCP reset even tho the destination IP and MAC was not theirs. It was quite annoying and a demonstration of why active IDS is not always a good idea.

On Thu, Mar 14, 2002 at 06:04:55PM +0100, Eric Vyncke wrote:
> Even easier, run nmap -p0 -sA ... from the public towards one server on the private side (like an internal web server). Nmap will send a TCP ACK without an established connection. If you receive a RST packet, you are not stateful.

--
Barney Wolff
I never met a computer I didn't like.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
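
An added example, not part of the original thread: one way to read the reply to the unsolicited ACK test while allowing for the case raised above, where a device other than the destination sends the reset. It assumes you have the TTL of a genuine SYN/ACK from the same host as a baseline; the TTL comparison, the function names and the sample packets are all assumptions made for this illustration.

```python
import socket
import struct

TCP_RST = 0x04

def parse_ipv4_tcp(pkt):
    """Return (source IP, TTL, TCP flags byte) from a raw IPv4 packet carrying TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    return socket.inet_ntoa(pkt[12:16]), pkt[8], pkt[ihl + 13]

def classify_ack_reply(reply, target_ip, baseline_ttl, slack=1):
    """Interpret the reply (raw bytes or None) to an unsolicited ACK probe.

    baseline_ttl: TTL observed on a genuine SYN/ACK from target_ip (assumed input).
    """
    if reply is None:
        return "NO_REPLY"          # dropped: consistent with stateful filtering
    src, ttl, flags = parse_ipv4_tcp(reply)
    if src != target_ip or not flags & TCP_RST:
        return "INCONCLUSIVE"
    if abs(ttl - baseline_ttl) > slack:
        return "RST_ON_BEHALF"     # hop count differs: another device answered
    return "RST_FROM_TARGET"       # the ACK reached the host: no state check

def build_reply(src, dst, ttl, flags):
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, flags, 0, 0, 0)
    return ip + tcp

# Constructed test data using documentation address ranges.
TARGET, PROBER, BASELINE_TTL = "192.0.2.10", "198.51.100.7", 52

if __name__ == "__main__":
    samples = {
        "silence": None,
        "reset, same hop count": build_reply(TARGET, PROBER, 52, TCP_RST),
        "reset, different hop count": build_reply(TARGET, PROBER, 254, TCP_RST),
    }
    for name, pkt in samples.items():
        print(f"{name:28s} -> {classify_ack_reply(pkt, TARGET, BASELINE_TTL)}")
```

A matching TTL does not prove the host sent the reset, since an intermediate device can sit at the same hop distance or copy the value, so treat RST_FROM_TARGET as evidence rather than proof.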