Re: stateful inspection
From: Keith W. McCammon (km@km.com)
Date: 12/19/01
- Next message: Lance Delacroix: "Re: Determining what should be blocked in and out?"
- Previous message: Nadir Sahnoun: "PIX 506 and network speed interface"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Keith W. McCammon" <km@km.com> Date: Wed, 19 Dec 2001 09:26:01 -0500
> While that technology appears to be patented, Netgear has at least one
> product (RO-318 Security Router) that boasts about "stateful inspection".
I don't have any specifics, as I'd imagine that you'd have to pry those from
the clutches of Netgear. However, if they are advertising stateful
inspection, that's probably what you're getting. Checkpoint had patented
their stateful inspection scheme, but there are any number of firewalls out
there that keep session state. It's not groundbreaking technology. Just
about any worthwhile commercial firewall keeps state, as do most free
firewalls for use on *BSD or Linux.
All that stateful inspection entails is the creation of a memory-resident
table, and as SYN packets arrive, you add new connections to that table.
Anything else that arrives with SYN/ACK, ACK, FIN, or RST must match an
existing connection in the state table to be passed. Checkpoint does it one
way (which, up until 4.1 SP2, was still pretty crappy because you could send
an ACK to start a session and it would be added to the state table), but any
vendor could implement this effectively.
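The state-table mechanism described above, as an added example that is not code from the original post or from any vendor named in it. It keeps a table of 4-tuples, lets only an outbound bare SYN create an entry, and passes SYN/ACK, ACK, FIN or RST only when they match one. A second mode models the weakness the post attributes to older Check Point releases: a bare ACK with no matching entry is added to the table instead of dropped. The addresses, ports and the exact form of that lenient behaviour are assumptions made for the example; sequence-number tracking, timeouts and the full FIN teardown are deliberately left out.

```python
"""Toy stateful packet filter: SYN creates state, everything else must match it."""
from dataclasses import dataclass

# TCP flag bits, same values as in the TCP header
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = from the protected network, "in" = from the Internet
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


class StatefulFilter:
    """Memory-resident table of 4-tuples; policy is 'outbound connections only'."""

    def __init__(self, ack_creates_state=False):
        self.table = set()
        # Lenient mode (assumed model of the pre-4.1 SP2 behaviour the post
        # describes): a bare ACK with no matching entry is added to the table.
        self.ack_creates_state = ack_creates_state

    @staticmethod
    def _keys(pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return forward, reverse

    def filter(self, pkt):
        forward, reverse = self._keys(pkt)
        known = forward in self.table or reverse in self.table

        if pkt.flags & SYN and not pkt.flags & ACK:
            # A bare SYN opens a connection; only the inside may do that.
            if pkt.direction == "out":
                self.table.add(forward)
                return "PASS"
            return "DROP"

        if known:
            # SYN/ACK, ACK, data and teardown all ride on existing state.
            if pkt.flags & RST:
                # RST aborts the connection outright; real filters also age
                # entries out and track the two-sided FIN exchange (omitted).
                self.table.discard(forward)
                self.table.discard(reverse)
            return "PASS"

        if self.ack_creates_state and pkt.flags & ACK:
            # The bug: an unsolicited ACK forges a state-table entry, so every
            # later packet on this tuple is treated as part of a session.
            self.table.add(forward)
            return "PASS"
        return "DROP"


def run(fw, packets):
    return [fw.filter(p) for p in packets]


# Constructed traffic (addresses are documentation ranges, not real hosts).
CLIENT, SERVER, ATTACKER = "10.0.0.5", "203.0.113.7", "198.51.100.9"

HANDSHAKE = [
    Packet("out", CLIENT, 40000, SERVER, 80, SYN),
    Packet("in", SERVER, 80, CLIENT, 40000, SYN | ACK),
    Packet("out", CLIENT, 40000, SERVER, 80, ACK),
]
ACK_PROBE = [
    Packet("in", ATTACKER, 5555, CLIENT, 445, ACK),   # no SYN was ever seen
    Packet("in", ATTACKER, 5555, CLIENT, 445, ACK),   # follow-up on same tuple
    Packet("in", ATTACKER, 6666, CLIENT, 445, SYN),   # unsolicited inbound SYN
]


def demo(ack_creates_state=False):
    """Run the handshake then the ACK probe; return one verdict per packet."""
    fw = StatefulFilter(ack_creates_state)
    return run(fw, HANDSHAKE + ACK_PROBE)


if __name__ == "__main__":
    print("strict :", demo())
    print("lenient:", demo(ack_creates_state=True))
```

In strict mode the three handshake packets pass and all three probe packets are dropped; in lenient mode the attacker's first bare ACK creates an entry, and the follow-up packet on that tuple passes as if it belonged to a real session. The inbound bare SYN is dropped in both modes, which is why an ACK scan, not a SYN scan, is the probe that exposes the weakness.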