[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hacking a firewall

Hi.

Do you know what 'stateful inspection' means? It *DOES NOT* mean 'check if
the connection is established'
<From ipfilter's FAQ>
Q. What does "keep state" actually do ? Is it useful ?

A. First, yes, it is useful. What it does is allows you to only allow TCP
packets through your firewall which are recognised as being part of an
established connection rather than just arbitary TCP packets which can be
used to perform "stealth scanning".

</From ipfilter's FAQ>

Stateful inspection will check to make sure the protocol is correct: i.e. no
one in your network is using port 80 for ICQ. This will work on ipfilter but
not on Firewall-1.

-------------------------
Aviram Jenik

"Addicted to Chaos"

-------------------------
Today's quote:
The first sign of a nervous breakdown is when you start
thinking your work is terribly important.
                         - Milo Bloom


----- Original Message -----
From: Jens Hellmerichs-Friedrich <jens@friedrich-net.de>
To: Aviram Jenik <aviram@securiteam.com>; Debian-Firewall List
<debian-firewall@lists.debian.org>
Sent: Wednesday, August 04, 1999 8:48 Night
Subject: Re: Hacking a firewall


> Do you know the option keep state ?
>
> Viele Grüße
>              Jens
>
> http://friedrich-net.de
>
> ----- Original Message -----
> From: Aviram Jenik <aviram@securiteam.com>
> To: Jens Hellmerichs-Friedrich <jens@friedrich-net.de>; Debian-Firewall
List
> <debian-firewall@lists.debian.org>
> Sent: Wednesday, August 04, 1999 8:21 PM
> Subject: Re: Hacking a firewall
>
>
> Are you sure about that?
> AFAIK ipfilter can only block or allow certain packets according to source
> port, destination port and various flags within the packet (but I could be
> wrong!). Anyway, that is *not* stateful inspection.
>
> -------------------------
> Aviram Jenik
>
> "Addicted to Chaos"
>
> -------------------------
> Today's quote:
>
>   Top 25 Explanations by Programmers when their programs don't work:
>
>     6. The machine seems to be broken.
>
>
> ----- Original Message -----
> From: Jens Hellmerichs-Friedrich <jens@friedrich-net.de>
> To: Aviram Jenik <aviram@securiteam.com>; Simon Martin <smartin@isys.cl>;
> Debian-Firewall List <debian-firewall@lists.debian.org>
> Sent: Tuesday, August 03, 1999 10:25 P Aviram
> Subject: Re: Hacking a firewall
>
>
> > IP-Filter (available for Linux too) supports stateful inspections !
> >
> > Viele Grüße
> >              Jens
> >
> > http://friedrich-net.de
> >
> > ----- Original Message -----
> > From: Aviram Jenik <aviram@securiteam.com>
> > To: Simon Martin <smartin@isys.cl>; Debian-Firewall List
> > <debian-firewall@lists.debian.org>
> > Sent: Tuesday, August 03, 1999 8:58 PM
> > Subject: Re: Hacking a firewall
> >
> >
> > > >
> > > > 1) Comparison of Debian Vs Firewall-1
> > > > My major competition here is Firewall-1. Anyone know of any
comparison
> > of
> > > > features / robustness / weaknesses?
> > >
> > > FW-1 Uses stateful inspection, which is way more secure then the
packet
> > > filtering techniques of ipchains and others. It's not right to compare
> > > between the two, because the question is cost-effectiveness. FW-1 is
> must
> > > more full-featured/robust/strong, etc but costs 5 digits to buy.
> > >
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: