Re: Possible firewall problem?

From: Alan Illeman (illemann_at_surfbest.net)
Date: 08/31/04 

Date: Mon, 30 Aug 2004 20:47:14 -0400

"Copelandia Cyanescens" <synesthesia@ix02x67invalid.net> wrote in message
news:13rn8hnmkmp0w@x02x67invalid.net...
> Kerodo wrote...
>
> >> Stateful inspection is a good thing, but whether or not it's necessary
> >> in your case probably depends on your typical Internet usage. for the
> >> average "grab email and browse the web" user it's probably not
> >> necessary.
> >
> > My typical internet usage is just email, newsgroups and browsing.
> > Pretty simple. I just wondered if stateful inspection was hype or
> > really an advantage. Sounds like it's an advantage, so that's good.
> > Thanks for your explanations...
>
> Not a problem. :)
>
> Stateful inspection, like most things, is good and bad. It certainly
> gives the firewall another tool to use in securing your PC, but delving
> into the realm of theory it could also open up additional holes. If an
> attacker could successfully guess packet sequence numbers or spoof IP
> addresses, the firewall might pass malicious activity a simple packet
> filter would not. Same goes for activity originated by malicious
> software residing on your machine. If a virus or other malware could
> successfully establish a connection, a pure stateful inspector would
> likely let it do its thing. :(
>
> And no, I'm not aware of any *specific* attacks of this nature. I also
> realize that firewalls implement stateful inspection in addition to
> packet filtering and generic rules based filtering, not in stead of. So
> in general, a stateful firewall is preferable to a packet filter IMO. On
> a typical single user's machine it's probably more of a "nice to have if
> you ever need it" sorta thing with the "ever need it" part being pretty
> unlikely. ;)

Interesting stuff, you certainly seem to know what you're talking
about, thanks for the info! Like Kerodo I'm using Kerio 2.1.5 and
have been virus-free since I set it up in March.
Alan

Relevant Pages

  • Re: Possible firewall problem?
    ... >> realize that firewalls implement stateful inspection in addition to ... >> packet filtering and generic rules based filtering, ... a stateful firewall is preferable to a packet filter IMO. ... "Can a bank robber with a concealed gun who never mentions or ...
    (comp.security.firewalls)
  • Re: [Full-Disclosure] Stateful Packet Inspection
    ... > since yours hits on the patch for IPSEC that allows filtering on Security ... > Linux kernel firewall is capable of looking at headers only. ... > firewall either crashes or quits stateful inspection. ... source SPI presonal firewall for Windows. ...
    (Full-Disclosure)
  • Re: Possible firewall problem?
    ... One is Jetico Personal Firewall beta, ... > for instance that a packet coming from X is part of an already ... > Stateful inspection is a good thing, but whether or not it's necessary ... My typical internet usage is just email, ...
    (comp.security.firewalls)
  • Re: Possible firewall problem?
    ... > My typical internet usage is just email, ... Stateful inspection, like most things, is good and bad. ... gives the firewall another tool to use in securing your PC, ... packet filtering and generic rules based filtering, ...
    (comp.security.firewalls)
  • Re: Is a DMZ necessary?
    ... >> The spec sheet says stateful inspection, ... > I've worked with just about every firewall appliance on the market over ... series units are proxy based. ...
    (comp.security.firewalls)