Firewall Wizards mailing list archives

RE: FW Sequence Number based statefulness


From: Nimesh vakharia <nvakhari () clio rad sunysb edu>
Date: Mon, 14 May 2001 17:01:59 -0400 (EDT)


Thanks, but the white paper is not clear on how it maintains state using
sequence numbers. What does the firewall do in case it sees an
out-of-sequence packet(s)?

Nimesh.

On Mon, 14 May 2001, Peter Crocker wrote:

You should expect this from any firewall product that does stateful
inspection of packets. You should also expect a lot more than just sequence
number checking. For example, here is how NetScreen implements stateful
inspection:

http://www.netscreen.com/products/firewall_wpaper.html

Regards,
Peter


-----Original Message-----
From: Carson Gaspar [mailto:carson () taltos org]
Sent: Sunday, May 13, 2001 12:08 AM
To: Nimesh vakharia; firewall-wizards () nfr com
Subject: Re: [fw-wiz] FW Sequence Number based statefulness




--On Thursday, May 10, 2001 9:16 PM -0400 Nimesh vakharia 
<nvakhari () clio rad sunysb edu> wrote:


Are there any firewalls out there that maintain state using sequence
numbers in addition to port/IP etc..?

Darren Reed's free ipfilter does. I'm fairly sure the PIX does (since it 
can re-write sequence numbers), but I can't be certain (love that Cisco 
documentation...).

-- 
Carson




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

