Re: [fw-wiz] Firewalls that generate new packets..

From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
Date: Tue, 27 Nov 2007 19:28:29 -0500

jdgorin@xxxxxxxxxxxx wrote:

I also remember that early Checkpoint firewalls broke FTP connection if the PORT
command and the PORT arguments were sent in differents packets (back in those
old times, some FTP gateway did that kind of tricks).
That was deep but not smart inspection!

That was a side effect of the fact that they didn't do TCP reassembly,
packet defragmentation, or re-ordering. I always figured that they were
just doing a case-independent compare for "PORT " at the beginning
of the packet data.

Heck of a "state" engine, huh?

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

References:
- Re: [fw-wiz] Firewalls that generate new packets..
  - From: jdgorin

Prev by Date: Re: [fw-wiz] Firewalls that generate new packets..
Next by Date: Re: [fw-wiz] Firewalls that generate new packets..
Previous by thread: Re: [fw-wiz] Firewalls that generate new packets..
Next by thread: [fw-wiz] Active-Active Single-context Failover on an ASA 5550
Index(es):
- Date
- Thread

Relevant Pages

PATCH: Remove file riowinif.h from rio driver (unused file)
... -/* The RUP (Remote Unit Port) structure relates to the Remote Terminal Adapters ... - CONFIG is sent from the driver to configure an already opened port. ... - Packet structure is same as OPEN. ... - of the specified port's RTA address space. ...
(Linux-Kernel)
Re: General questions about Sockets
... > could I push it before I see the network slowing down and/or errors? ... Nagle/Delayed ACK interaction but you could confirm it with a packet ... > I can setup any port in my registry, but what would be the 'default' one I ... Google could confirm it. ...
(microsoft.public.win32.programmer.networks)
Re: File Transfer and WinSock
... I have message types defined and a packet protocol that I use which may be ... You need to bind the winsock control to some port. ... this.Parent.SendConfirmation(lcMessageID, lnPacketNumber) ... SEEK lcMessageID + STR ...
(microsoft.public.fox.programmer.exchange)
Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Executio
... maybe abit more about packet infos.. ... more when the author comes out with it wich is, possibly never, but, i ... wich the port opens, but this is undisclosed. ... I have looked at this and, you dont need to be udp... ...
(Full-Disclosure)
Re: File Transfer and WinSock
... I have message types defined and a packet protocol that I use which may be ... You need to bind the winsock control to some port. ... this.Parent.SendConfirmation(lcMessageID, lnPacketNumber) ... SEEK lcMessageID + STR ...
(microsoft.public.fox.programmer.exchange)