Hi.
Do you know what 'stateful inspection' means? It *DOES NOT* mean 'check if
the connection is established'
<From ipfilter's FAQ>
Q. What does "keep state" actually do ? Is it useful ?
A. First, yes, it is useful. What it does is allows you to only allow TCP
packets through your firewall which are recognised as being part of an
established connection rather than just arbitary TCP packets which can be
used to perform "stealth scanning".
</From ipfilter's FAQ>
Stateful inspection will check to make sure the protocol is correct: i.e. no
one in your network is using port 80 for ICQ. This will work on ipfilter but
not on Firewall-1.
-------------------------
Aviram Jenik
"Addicted to Chaos"
-------------------------
Today's quote:
The first sign of a nervous breakdown is when you start
thinking your work is terribly important.
- Milo Bloom
----- Original Message -----
From: Jens Hellmerichs-Friedrich <[EMAIL PROTECTED]>
To: Aviram Jenik <[EMAIL PROTECTED]>; Debian-Firewall List
<[email protected]>
Sent: Wednesday, August 04, 1999 8:48 Night
Subject: Re: Hacking a firewall
> Do you know the option keep state ?
>
> Viele Gr��e
> Jens
>
> http://friedrich-net.de
>
> ----- Original Message -----
> From: Aviram Jenik <[EMAIL PROTECTED]>
> To: Jens Hellmerichs-Friedrich <[EMAIL PROTECTED]>; Debian-Firewall
List
> <[email protected]>
> Sent: Wednesday, August 04, 1999 8:21 PM
> Subject: Re: Hacking a firewall
>
>
> Are you sure about that?
> AFAIK ipfilter can only block or allow certain packets according to source
> port, destination port and various flags within the packet (but I could be
> wrong!). Anyway, that is *not* stateful inspection.
>
> -------------------------
> Aviram Jenik
>
> "Addicted to Chaos"
>
> -------------------------
> Today's quote:
>
> Top 25 Explanations by Programmers when their programs don't work:
>
> 6. The machine seems to be broken.
>
>
> ----- Original Message -----
> From: Jens Hellmerichs-Friedrich <[EMAIL PROTECTED]>
> To: Aviram Jenik <[EMAIL PROTECTED]>; Simon Martin <[EMAIL PROTECTED]>;
> Debian-Firewall List <[email protected]>
> Sent: Tuesday, August 03, 1999 10:25 P Aviram
> Subject: Re: Hacking a firewall
>
>
> > IP-Filter (available for Linux too) supports stateful inspections !
> >
> > Viele Gr��e
> > Jens
> >
> > http://friedrich-net.de
> >
> > ----- Original Message -----
> > From: Aviram Jenik <[EMAIL PROTECTED]>
> > To: Simon Martin <[EMAIL PROTECTED]>; Debian-Firewall List
> > <[email protected]>
> > Sent: Tuesday, August 03, 1999 8:58 PM
> > Subject: Re: Hacking a firewall
> >
> >
> > > >
> > > > 1) Comparison of Debian Vs Firewall-1
> > > > My major competition here is Firewall-1. Anyone know of any
comparison
> > of
> > > > features / robustness / weaknesses?
> > >
> > > FW-1 Uses stateful inspection, which is way more secure then the
packet
> > > filtering techniques of ipchains and others. It's not right to compare
> > > between the two, because the question is cost-effectiveness. FW-1 is
> must
> > > more full-featured/robust/strong, etc but costs 5 digits to buy.
> > >
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
>
