Full Disclosure mailing list archives
Re: Stateful Packet Inspection
From: whiplash <whiplash () despammed com>
Date: Tue, 03 Aug 2004 22:46:17 +0200
Goetz Von Berlichingen wrote:
> The original message has some merit with respect to netfilter - the Linux kernel firewall is capable of looking at headers only.

Really funny. Try and explain, then, how Linux netfilter correctly recognizes, NATs and keeps state of protocols like ftp, irc/dcc, h323, pptp and so on.

> This does allow some stateful packet inspection - one can discriminate against incoming connection attempts with --syn, for instance.

Do you have any idea of what stateful means?

> This isn't really stateful, however, since the firewall does not retain any knowledge of the state of a connection.

Yeah, of course. I suppose that

#lsmod | grep track
ip_conntrack_ftp        5216   1  [ip_nat_ftp]
ip_conntrack_irc        4256   1  [ip_nat_irc]
ip_conntrack           41332   4  (autoclean) [ip_nat_ftp ip_conntrack_ftp ip_nat_irc ip_conntrack_irc ipt_MASQUERADE iptable_nat ipt_state]

is just the output of some hallucination of mine. <g>

> iptables is pretty much useless against covert channels such as Loki, Q, or any of the various tunneling packages.

Good advice for you, absolutely for free: shutdown -h now (do you know what it means, at least? <g>)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
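The distinction the reply above turns on, as an added illustration that is not part of this thread and not netfilter's code: a small Python model of a header-only `--syn` rule placed next to a toy connection tracker with an FTP helper, in the spirit of ip_conntrack and ip_conntrack_ftp. The addresses, the "10.x is inside" convention and the packet stream are all constructed for the example; the tracker is a deliberately minimal stand-in (no TCP state machine, no timeouts, no NAT) that only models the NEW / ESTABLISHED / RELATED / INVALID classification.

```python
"""Header-only filtering versus connection tracking, in miniature.

Constructed example; not netfilter code. Hosts whose address starts with
"10." are treated as the inside of the firewall (an assumption for the demo).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags present, e.g. frozenset({"SYN"})
    payload: bytes = b""


LAN_PREFIX = "10."            # constructed: "inside" address space


def inbound(pkt):
    return not pkt.src.startswith(LAN_PREFIX)


def header_only_filter(pkt):
    """The --syn style rule: drop inbound packets with only SYN set, pass the rest.
    Nothing is remembered between packets, so a bare ACK from a stranger passes."""
    if inbound(pkt) and pkt.flags == frozenset({"SYN"}):
        return "DROP"
    return "ACCEPT"


# Active-mode FTP "PORT a,b,c,d,hi,lo" command on the control channel.
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


class ConnTracker:
    """Toy stand-in for ip_conntrack plus the ip_conntrack_ftp helper."""

    def __init__(self):
        self.flows = set()       # (src, sport, dst, dport) of tracked connections
        self.expected = set()    # (ip, port) endpoints a PORT command announced

    @staticmethod
    def tuple_of(pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def reply_tuple(pkt):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def ftp_helper(self, pkt):
        # Only the client -> server control channel (port 21) is inspected.
        if pkt.dport != 21:
            return
        m = PORT_RE.search(pkt.payload)
        if m:
            a, b, c, d, hi, lo = (int(x) for x in m.groups())
            self.expected.add((f"{a}.{b}.{c}.{d}", hi * 256 + lo))

    def classify(self, pkt):
        t = self.tuple_of(pkt)
        if t in self.flows or self.reply_tuple(pkt) in self.flows:
            self.ftp_helper(pkt)          # helper sees payload of a tracked flow
            return "ESTABLISHED"
        if pkt.flags == frozenset({"SYN"}):
            self.flows.add(t)
            if (pkt.dst, pkt.dport) in self.expected:
                self.expected.discard((pkt.dst, pkt.dport))
                return "RELATED"          # data connection the helper expected
            return "NEW"
        return "INVALID"                  # mid-stream packet, no known connection


def stateful_filter(tracker, pkt):
    """ESTABLISHED,RELATED -> ACCEPT; NEW only from inside; INVALID -> DROP."""
    state = tracker.classify(pkt)
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    if state == "NEW" and not inbound(pkt):
        return "ACCEPT"
    return "DROP"


SYN = frozenset({"SYN"})
SYNACK = frozenset({"SYN", "ACK"})
ACK = frozenset({"ACK"})


def run_demo():
    """Returns (header_only, stateful) verdicts for a constructed packet stream."""
    tracker = ConnTracker()
    stream = [
        Packet("10.0.0.5", 40000, "198.51.100.7", 21, SYN),       # inside opens FTP control
        Packet("198.51.100.7", 21, "10.0.0.5", 40000, SYNACK),    # server replies
        Packet("10.0.0.5", 40000, "198.51.100.7", 21, ACK),       # handshake done
        Packet("10.0.0.5", 40000, "198.51.100.7", 21, ACK,
               b"PORT 10,0,0,5,156,65\r\n"),                      # 156*256+65 = 40001
        Packet("198.51.100.7", 20, "10.0.0.5", 40001, SYN),       # server opens data conn
        Packet("203.0.113.9", 55555, "10.0.0.5", 22, ACK),        # stray inbound ACK
        Packet("203.0.113.9", 55556, "10.0.0.5", 22, SYN),        # stray inbound SYN
    ]
    return [(header_only_filter(p), stateful_filter(tracker, p)) for p in stream]


if __name__ == "__main__":
    for verdicts in run_demo():
        print(verdicts)
```

The two columns diverge exactly where state matters: the header-only rule blocks the server's inbound data-connection SYN (breaking active FTP) yet lets an unsolicited inbound ACK through, while the tracker accepts the SYN as RELATED because the helper saw the PORT command and drops the stray ACK as INVALID. On a 2.4-era kernel the corresponding real rules are `modprobe ip_conntrack_ftp`, `iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` and `iptables -A INPUT -m state --state INVALID -j DROP`, with the ipt_state module from the lsmod listing doing the matching.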
Current thread:
- Re: Stateful Packet Inspection Goetz Von Berlichingen (Aug 01)
- Re: Stateful Packet Inspection Aaron Gray (Aug 01)
- Re: Stateful Packet Inspection Shashank Rai (Aug 01)
- Re: Stateful Packet Inspection Michael Gale (Aug 03)
- Re: Stateful Packet Inspection whiplash (Aug 03)