On Tue, Jan 23, 2001 at 11:05:41PM -0500, Bill Royds wrote:
> Stateful Inspection watches the stream including some protocol monitoring and
> matching outgoing and incoming packets. But it doesn't re-create the stream like a
> full proxy does to allow full syntax checking. It does a bit more than just maintain
> TCP state or match ports and IP IDs like a simple stateful filter (versus a stateless
> filter that does not match packets to a conversation).
> There is a kind of hierarchy of firewalls:
>   NATting router          - Modifies destination addresses for private networking
>   Stateless Packet filter - Checks ports and flags on a packet by packet basis
>   Stateful Packet filter  - Matches packets by sockets (in to out)
>   Stateful Inspection     - Watches the contents as well (doesn't change flags etc.)
>   Application Proxy       - Recreates contents of incoming to outgoing with 2 streams
Actually, NAT routers are normally between Stateful Filters and Stateful
Inspection, since they keep (session) state and inspect session content (for
FTP, IRC DCC, NetMeeting, ...).
BTW: not many stateful filters will track IP IDs. Some, especially if they
offer NAT and PAT, will track IP fragments and reassemble them.
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
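
The session state and content inspection a NAT router performs for FTP, as mentioned in the reply above, sketched as an added example (not part of the original thread and not any product's code). The class, method names, addresses and ports are constructed for illustration, and only the active-mode PORT command is handled.

```python
import re

PUBLIC_IP = "203.0.113.1"  # constructed documentation address
PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n", re.I)

class FtpNat:
    """Toy NAT device: tracks control sessions and inspects their content."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.control = set()   # tracked (client_ip, client_port, server_ip)
        self.expected = {}     # public_port -> (server_ip, client_ip, client_port)

    def open_control(self, client_ip, client_port, server_ip):
        self.control.add((client_ip, client_port, server_ip))

    def outbound_control(self, client_ip, client_port, server_ip, line):
        """Return the line to forward, or None to drop it."""
        if (client_ip, client_port, server_ip) not in self.control:
            return None                      # no session state: drop
        m = PORT_RE.fullmatch(line)
        if not m:
            return line                      # other commands pass unchanged
        nums = [int(g) for g in m.groups()]
        host = ".".join(str(n) for n in nums[:4])
        if max(nums) > 255 or host != client_ip:
            return None                      # malformed, or names another host
        pub_port, self.next_port = self.next_port, self.next_port + 1
        # Remember the data connection the client just announced.
        self.expected[pub_port] = (server_ip, client_ip, nums[4] * 256 + nums[5])
        addr = self.public_ip.replace(".", ",")
        return f"PORT {addr},{pub_port >> 8},{pub_port & 0xFF}\r\n"

    def inbound_data(self, src_ip, dst_port):
        """Translate the server's data connection; each entry is used once."""
        entry = self.expected.get(dst_port)
        if entry is None or entry[0] != src_ip:
            return None                      # matches no announced connection
        del self.expected[dst_port]
        return entry[1], entry[2]

if __name__ == "__main__":
    nat = FtpNat(PUBLIC_IP)
    nat.open_control("192.168.1.10", 1025, "198.51.100.5")
    print(repr(nat.outbound_control("192.168.1.10", 1025, "198.51.100.5",
                                    "PORT 192,168,1,10,19,137\r\n")))
    print(nat.inbound_data("198.51.100.5", 40000))
```

A plain stateful filter would only need the `control` set; the `expected` table exists because the device read the payload of the control session.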