Re: [fw-wiz] FW and TCP Sessions

From: cs 2004 (cskb2004_at_yahoo.com)
Date: 06/01/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 1 Jun 2004 06:46:13 -0700 (PDT)
    
    

    Manoj,

    That indeed was an interesting observation and I think
    you are right.

    Stateful firewalls maintain a stateful session flow
    table when a client initiates a request, which
    contains source, destination addresses, TCP sequencing
    information, port numbers and additional TCP flags for
    each connection pertaining to that host, and create a
    connection object in the firewall.

    All inbound packets are then compared against the
    session flows in the connection table to validate the
    passage. This connection object is dropped upon
    termination of the session. Typically the connection
    object is hashed on the firewall.

    --Chandan

    --- Manoj Kumar Neelapareddy
    <manojkreddyutl@yahoo.com> wrote:
    > Hi,
    >
    > if a FW is said to be a stateful firewall, then will
    > it allow a TCP packet to pass through it (outbound), if
    > I haven't sent a TCP SYN to initiate a TCP Session
    > before sending this TCP packet?
    >
    > I heard that Stateful firewall won't allow any TCP
    > packets, other than TCP SYNs to pass through it, if
    > there is no session corresponding to a TCP packet
    > maintained in FW's session table.
    >
    > and FW will create a new session only when it detects
    > a TCP SYN.
    >
    > is this correct?
    >
    > comments plz.
    >
    > thank u
    > Manoj

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
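
The connection-table behaviour discussed in this thread, as an added sketch that is not part of the original posts or of any firewall's code: a table hashed on the client/server address and port pair, where only a bare outbound SYN creates a connection object, every other segment must match an existing entry, and the entry is removed when the session ends. The class, state names and flag letters are assumptions made for illustration; sequence-number checks and idle timeouts are left out.

```python
from dataclasses import dataclass, field

SYN, ACK, FIN, RST = "S", "A", "F", "R"   # flag letters used in this sketch

@dataclass
class Conn:
    state: str = "SYN_SENT"
    fins: set = field(default_factory=set)   # directions that have sent a FIN

class StateTable:
    """Toy connection table for an inside-to-outside policy (constructed example)."""
    def __init__(self):
        self.table = {}   # hashed on (client_ip, client_port, server_ip, server_port)

    def filter(self, direction, src, sport, dst, dport, flags):
        """Return 'pass' or 'drop' for one TCP segment; direction is 'out' or 'in'."""
        flags = set(flags)
        # Inbound segments are looked up under the flow the client opened.
        key = (src, sport, dst, dport) if direction == "out" else (dst, dport, src, sport)
        conn = self.table.get(key)
        if conn is None:
            # Only a bare outbound SYN may create a connection object.
            if direction == "out" and flags == {SYN}:
                self.table[key] = Conn()
                return "pass"
            return "drop"
        if RST in flags:
            del self.table[key]          # abortive close: forget the flow
            return "pass"
        if conn.state == "SYN_SENT":
            if direction == "in" and flags == {SYN, ACK}:
                conn.state = "SYN_RCVD"
            elif not (direction == "out" and flags == {SYN}):   # SYN retransmit is allowed
                return "drop"
            return "pass"
        if conn.state == "SYN_RCVD" and direction == "out" and ACK in flags:
            conn.state = "ESTABLISHED"
        if FIN in flags:
            conn.fins.add(direction)
        elif conn.fins == {"out", "in"} and ACK in flags:
            del self.table[key]          # final ACK of an orderly close
        return "pass"
```
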

