On Thu, 19 Apr 2001, JS Wong wrote:
> For the firewalls I've played with, at least, stateful inspection
> doesn't work for the UDP protocol because it's connectionless.
yes, UDP (and ICMP) are stateless. the firewall usually uses timing and
unique identifiers in the packet headers (ie DNS query id's, ICMP packet
headers, the like) to qualify packets. this is somewhat easily abused, but
... it works usually.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
- Re: stateful inspection Bernd Eckenfels
- Re: stateful inspection Jose Nazario
- Re: stateful inspection Michael H. Warfield
- Re: stateful inspection Bernd Eckenfels
- Re: stateful inspection Jose Nazario
- Re: stateful inspection Michael H. Warfield
- Stateful Inspection Swamy Patil
- RE: Stateful Inspection elsasser
- stateful inspection Swamy Patil
- Re: stateful inspection JS Wong
- Re: stateful inspection Jose Nazario
- Re: stateful inspection rcuetara
- Re: stateful inspection Chris . Hastings
- Re: stateful inspection Bill_Royds
- Re: stateful inspection Bernd Eckenfels
- Stateful Inspection Swamy Patil
- Re: Stateful Inspection Dave Wreski
- Stateful Inspection Stuart Teo
