RE: Stateful inspection
- From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 30 Oct 2002 15:45:11 -0800
Aside from the rude awakening Tom provided:
>This filter would allow the packets to reach the http server, but not the
>response to be sent back.
Incorrect. The originator is a client on the Internet. He points his browser
to your Webserver in the DMZ zone, which is reachable because you configure
an inbound rule. In ISA, that request has now created a session. Data will
flow within that session both ways, until the session is ended by the
client, or a time out rule kills it. What stateful packet inspection does is
compare the request, and only allows a corresponding reply that matches the
information. This prevents the outgoing data from being tampered with.
A better example is a typical home user behind say a Linksys Cable/DSL
router. The Linksys is blocking all inbound traffic, but outbound is
unregulated. Mr. Joe goes to www.mydomain.com
and is presented with a web page. He made a request and the Linksys router
allowed it out. The reply was the data and pictures and such that compose
the web page. Fine. But now he goes to www.hacksareus.com
and is presented with a web page again. This
time, in the coding of the web page is a command to delete the %systemroot%
directory. Bam. His computer is compromised. With Stateful packet
Inspection, the firewall would monitor the data flow and see that there was
an action or code in the reply that was not part of the request, and thereby
drop it.
>Can I take your SMTP example as a confirmation of the above?
Yes, it is an example of allowed one direction origination which will
include two way communications within that session.
How about this: the rules determine who can originate the session. The session
will always have two way communications, whether there is stateful packet
inspection or not.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
701 S. Euclid
La Habra, CA 91631
562-694-4800, ext. 104
jtolmachoff@xxxxxxxxxxxxxxxx
www.reliancesoft.com
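As an added illustration of the session model described in the post above (rules decide who may originate a session, the session then carries traffic both ways, and unsolicited packets with no matching session are dropped), here is a small state-table model in Python. It is not code from the thread or from ISA Server; the rule format, addresses, ports and packets are constructed for the example.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ts: float  # seconds since start; drives the idle timeout

class StatefulFilter:
    """Rules say who may originate a session; once a session exists,
    packets in both directions are allowed until it idles out."""

    def __init__(self, rules, idle_timeout=60.0):
        # rule = (src_prefix, dst, dport); "*" is a wildcard for any field
        self.rules = rules
        self.idle_timeout = idle_timeout
        self.sessions = {}  # originator 4-tuple -> time last seen

    def _may_originate(self, p):
        return any((s == "*" or p.src.startswith(s))
                   and (d == "*" or p.dst == d)
                   and (dp == "*" or p.dport == dp)
                   for s, d, dp in self.rules)

    def handle(self, p):
        """Return 'ALLOW' or 'DROP' for one packet, updating the state table."""
        self.sessions = {k: t for k, t in self.sessions.items()
                         if p.ts - t <= self.idle_timeout}   # expire idle sessions
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.sessions or rev in self.sessions:    # part of an open session
            self.sessions[fwd if fwd in self.sessions else rev] = p.ts
            return "ALLOW"
        if self._may_originate(p):                         # new, permitted origination
            self.sessions[fwd] = p.ts
            return "ALLOW"
        return "DROP"                                      # unsolicited: no session

def demo():
    # Constructed topology: 203.0.113.10 is the DMZ web server (inbound rule on
    # port 80); hosts in 10.x may originate anything outbound; nothing else may.
    fw = StatefulFilter([("*", "203.0.113.10", 80), ("10.", "*", "*")])
    return [fw.handle(p) for p in (
        Packet("198.51.100.7", 40000, "203.0.113.10", 80, 0.0),   # client request
        Packet("203.0.113.10", 80, "198.51.100.7", 40000, 0.5),   # matching reply
        Packet("198.51.100.7", 40000, "10.0.0.5", 445, 1.0),      # unsolicited inbound
        Packet("10.0.0.5", 50000, "192.0.2.20", 80, 2.0),         # LAN browsing out
        Packet("192.0.2.20", 80, "10.0.0.5", 50000, 70.0),        # reply after idle timeout
    )]
```

The last packet is dropped even though it is a well-formed reply, because the session it belonged to has already aged out of the table and 192.0.2.20 is not permitted to originate.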