|
Security Basics
statefull inspection FW and hackers Aug 20 2008 05:04AM Juan B (juanbabi yahoo com) (4 replies) Re: statefull inspection FW and hackers Aug 20 2008 06:02PM Andrea Gatta (andrea gatta gmail com) (1 replies) |
|
 Privacy Statement |
However, some attacks may depend on violating the normal state transitions
or sequencing of TCP traffic, or on scanning with other sorts of packets --
I see unsolicited SYN-ACK packets all the time. (Those are probably just
responses to spoofed SYNs, but I can't know that for certain. I'm not sure
what a scan with RST or FIN packets would reveal.)
Most of the stateful firewalls I've seen also do inspection of FTP control
traffic, so that FTP data sessions on negotiated ports can be allowed
without
leaving masses of high-numbered ports open all the time. An awful lot of
junk/noise can be filtered out by that.
David Gillett
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Juan B
> Sent: Tuesday, August 19, 2008 10:05 PM
> To: security basics
> Subject: statefull inspection FW and hackers
>
>
>
> Hi,
>
> Can someone please explain why statefull inspection Fw helps
> against hackers? I know that those FW keep track of the
> sessions but I dont understand how the feature might help
> against a port scan from the internet or other ways to
> mitigate hackers attacks.
>
> Thanks
>
> Juan
>
>
>
>
>
>
>
>
[ reply ]