Hi,
> As for the stateful packet filtering, I've always not understood that.
> So long as you can specify IP flags within your filtering rules, it is
> technically a stateful firewall. You just need to specify the SYN and
> FIN flags.
Here I have to insist (if you don't mind).
IMHO there is a difference between allowing all packets to high ports that do
not have the SYN (SYN/ACK) flag(s) and allowing only the answers of former
connections. Imagine a sophisticated portscanner like nmap, which plays with
the flags. Stateful filtering is not as important as is often said, but this is
a clear advantage.
I think session hijacking is also a bit more difficult through a stateful
packet filter, but I'm not sure about that.
-volker
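
The distinction discussed in this message, as an added example that is not part of the original mail: a flag-only rule and a connection-tracking filter judge the same constructed packets. The packet model, addresses, ports and the exact flag rule (reject only an inbound bare SYN) are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model; flags is a string of TCP flag letters (S, A, F, R).
Packet = namedtuple("Packet", "inbound src sport dst dport flags")

def stateless_allow(pkt):
    """Flag rule: pass outbound; pass inbound to high ports unless it is a bare SYN."""
    if not pkt.inbound:
        return True
    bare_syn = "S" in pkt.flags and "A" not in pkt.flags
    return pkt.dport >= 1024 and not bare_syn

class StatefulFilter:
    """Pass inbound packets only if they answer a connection opened from inside."""
    def __init__(self):
        self.connections = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if not pkt.inbound:
            if "S" in pkt.flags and "A" not in pkt.flags:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.connections:
            return False
        if "R" in pkt.flags:  # simplified teardown; real trackers also follow FIN and timeouts
            self.connections.discard(key)
        return True

# Constructed traffic: one real connection, then inbound packets nobody asked for.
SAMPLE = [
    ("outbound SYN", Packet(False, "10.0.0.5", 40000, "192.0.2.10", 80, "S")),
    ("SYN/ACK reply", Packet(True, "192.0.2.10", 80, "10.0.0.5", 40000, "SA")),
    ("unsolicited ACK", Packet(True, "198.51.100.7", 80, "10.0.0.5", 40001, "A")),
    ("unsolicited FIN", Packet(True, "198.51.100.7", 80, "10.0.0.5", 40002, "F")),
    ("inbound bare SYN", Packet(True, "198.51.100.7", 4444, "10.0.0.5", 6000, "S")),
]

def compare(packets=SAMPLE):
    """Return {label: (stateless verdict, stateful verdict)} for each packet in order."""
    stateful = StatefulFilter()
    return {label: (stateless_allow(p), stateful.allow(p)) for label, p in packets}

if __name__ == "__main__":
    for label, (flag_rule, tracked) in compare().items():
        print(f"{label:18} flag rule: {flag_rule!s:5}  stateful: {tracked}")
```

The two filters agree on the real connection and on the bare SYN; they differ only on the ACK and FIN packets that belong to no connection, which the flag rule passes and the tracking filter drops.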