Security Basics mailing list archives
Re: statefull inspection FW and hackers
From: "Andrea Gatta" <andrea.gatta () gmail com>
Date: Wed, 20 Aug 2008 20:02:26 +0200
Hi Juan,

a stateful inspection firewall can greatly improve the security of your perimeter even in case of a port scan. Think about the following scenario: an attacker is trying to "fly under the radar" using common scanning techniques, let's say using a FIN scan. In that case a static packet filter will not see and - most important - LOG such activity. So you won't be aware a reconnaissance is taking place.

On the other hand, a stateful inspection firewall - and I mean with that expression a device that has the concept of 'session' and at the same time is capable of working both on the header and the payload - might help prevent attacks even on open and exposed applications. An example of that is an IPS, which is nothing more than a stateful inspection firewall which uses signatures to pattern match stuff happening on the wire.

Another thing I have learned is that what stateful really means can change from vendor to vendor. So one good point would be to clearly understand if we are talking about stateful packet filtering and/or stateful inspection. They are not clearly the same thing.

Hope that helps.

Andrea

On Wed, Aug 20, 2008 at 7:04 AM, Juan B <juanbabi () yahoo com> wrote:
Hi,

Can someone please explain why stateful inspection FW helps against hackers? I know that those FW keep track of the sessions but I don't understand how the feature might help against a port scan from the internet or other ways to mitigate hackers' attacks.

Thanks
Juan
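Added example, not part of the original post or thread: a minimal Python sketch of the difference described in the reply, where a port-only static rule accepts an unsolicited FIN silently while a session table drops and logs it. The packet records, addresses, the one-port policy and all names are constructed for illustration, and only inbound client packets are modelled.

```python
from collections import namedtuple

# Constructed packet record; flags is a frozenset of TCP flag names.
Packet = namedtuple("Packet", "src sport dst dport flags")

ALLOWED_PORTS = {80}  # assumed policy: one exposed web server


def static_filter(pkt):
    """Stateless rule: match on destination port only, no session context."""
    return "ACCEPT" if pkt.dport in ALLOWED_PORTS else "DROP"


class StatefulFilter:
    """Minimal session table: a packet must belong to a tracked flow."""

    def __init__(self):
        self.sessions = {}  # (src, sport, dst, dport) -> state
        self.log = []       # out-of-state packets, the trace a scan leaves

    def inspect(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        state = self.sessions.get(key)
        if state is None:
            # Only a bare SYN to an allowed port may open a session.
            if pkt.flags == {"SYN"} and pkt.dport in ALLOWED_PORTS:
                self.sessions[key] = "SYN_SEEN"
                return "ACCEPT"
            self.log.append(("OUT_OF_STATE", pkt))
            return "DROP"
        if state == "SYN_SEEN" and pkt.flags == {"ACK"}:
            self.sessions[key] = "ESTABLISHED"
        elif "FIN" in pkt.flags or "RST" in pkt.flags:
            del self.sessions[key]  # session closed, forget the flow
        return "ACCEPT"


# Constructed traffic: one normal session, then a FIN with no session behind it.
SAMPLE = [
    Packet("198.51.100.7", 40000, "192.0.2.10", 80, frozenset({"SYN"})),
    Packet("198.51.100.7", 40000, "192.0.2.10", 80, frozenset({"ACK"})),
    Packet("198.51.100.7", 40000, "192.0.2.10", 80, frozenset({"FIN", "ACK"})),
    Packet("203.0.113.9", 51000, "192.0.2.10", 80, frozenset({"FIN"})),
]


def run(packets):
    """Return (static verdict, stateful verdict) per packet plus the stateful log."""
    fw = StatefulFilter()
    return [(static_filter(p), fw.inspect(p)) for p in packets], fw.log


if __name__ == "__main__":
    for verdict in run(SAMPLE)[0]:
        print(verdict)
```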