nanog mailing list archives
RE: I don't need no stinking firewall!
From: "Brandon M. Lapointe" <brandon () shrader net>
Date: Wed, 6 Jan 2010 11:18:55 -0600
-----Original Message-----
From: David Hiers [mailto:hiersd () gmail com]
Sent: Wednesday, January 06, 2010 10:50 AM
To: Brian Johnson
Cc: nanog () nanog org
Subject: Re: I don't need no stinking firewall!

Poking the dragon a bit, aren't you? Fun.
If you really look at it, there is no quantitative difference between stateful and non-stateful. A non-stateful firewall can prevent a TCP session from entering the SYN_RECEIVED state by blocking the SYN packet, so it strongly impacts session state without really trying. A stateful firewall will venture a bit deeper into the state diagram with a few more rules, but this is mostly a quantitative difference when viewed at a behavioral level

-snip-

David

+1

As mentioned before, the line has substantially blurred with what current devices (routers/load balancers) can do in hardware.

Brandon L.

On Tue, Jan 5, 2010 at 12:16 PM, Brian Johnson <bjohnson () drtel com> wrote:

Security Gurus, et al,

I have my own idea of what a firewall is and what it does. I also understand what stateful packet inspection is and what it does. Given this information, and not prejudging any responses, exactly what is a firewall for and when is stateful inspection useful?

Please respond on-list as I want to have some useful discourse and discussion in the clear. Flamers and Trolls will be disregarded. :)

Thank you.

- Brian
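
The two behaviours discussed in this message, as an added example that is not part of the original thread: a per-packet filter that drops inbound bare SYNs next to a filter that tracks flows opened from the inside, run over the same packets. The inside prefix, the addresses, the rule set and all names are assumptions made for the illustration.

```python
# Added illustration; the packets and the inside prefix are constructed.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")  # flags: set of TCP flag names
INSIDE = "10.0.0."  # assumed inside prefix


def inbound(p):
    return not p.src.startswith(INSIDE)


def stateless_allow(p):
    """Per-packet rule: drop an inbound SYN without ACK, pass everything else."""
    return not (inbound(p) and "SYN" in p.flags and "ACK" not in p.flags)


class StatefulFilter:
    """Pass inbound packets only when they belong to a flow opened from inside."""

    def __init__(self):
        self.flows = set()

    def allow(self, p):
        if not inbound(p):
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.flows.add((p.src, p.sport, p.dst, p.dport))  # remember the flow
            return True
        # Inbound: the reversed 4-tuple must match a remembered flow.
        return (p.dst, p.dport, p.src, p.sport) in self.flows


def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    sf = StatefulFilter()
    return [(stateless_allow(p), sf.allow(p)) for p in packets]


PACKETS = [
    Pkt("198.51.100.7", 40000, "10.0.0.5", 22, {"SYN"}),         # inbound connection attempt
    Pkt("10.0.0.5", 50000, "203.0.113.9", 443, {"SYN"}),         # inside host opens a session
    Pkt("203.0.113.9", 443, "10.0.0.5", 50000, {"SYN", "ACK"}),  # reply to that session
    Pkt("198.51.100.7", 40001, "10.0.0.5", 22, {"ACK"}),         # inbound ACK with no session
]

if __name__ == "__main__":
    for p, (stateless, stateful) in zip(PACKETS, run(PACKETS)):
        print(p.src, sorted(p.flags), "stateless:", stateless, "stateful:", stateful)
```

Both filters keep the inside host out of SYN_RECEIVED by dropping the first packet; they differ only on the last one, which matches no flow the stateful filter has recorded.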