-----Original Message-----
From: David Hiers [mailto:hie...@gmail.com]
Sent: Wednesday, January 06, 2010 10:50 AM
To: Brian Johnson
Cc: nanog@nanog.org
Subject: Re: I don't need no stinking firewall!

>Poking the dragon a bit, aren't you? Fun.

>If you really look at it, there is no quantitative difference between
>stateful and non-stateful. A non-stateful firewall can prevent a
>TCP session from entering the SYN_RECEIVED state by blocking the SYN
>packet, so it strongly impacts session state without really trying. A
>stateful firewall will venture a bit deeper into the state diagram
>with a few more rules, but this is mostly a quantitative difference
>when viewed at a behavioral level

-snip-

>David

+1 As mentioned before, the line has substantially blurred with what current devices (routers/load balancers) can do in hardware.

Brandon L.

On Tue, Jan 5, 2010 at 12:16 PM, Brian Johnson <bjohn...@drtel.com> wrote:
> Security Gurus, et al,
>
> I have my own idea of what a firewall is and what it does. I also
> understand what stateful packet inspection is and what it does. Given
> this information, and not prejudging any responses, exactly what is a
> firewall for and when is stateful inspection useful?
>
> Please respond on-list as I want to have some useful discourse and
> discussion in the clear. Flamers and Trolls will be disregarded. :)
>
> Thank you.
>
> - Brian
>
> CONFIDENTIALITY NOTICE: This email message, including any attachments, is
> for the sole use of the intended recipient(s) and may contain confidential
> and privileged information. Any unauthorized review, copying, use,
> disclosure, or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of the original message. Thank you.
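
The stateless/stateful comparison discussed in this thread, as an added example that is not part of any poster's message: a per-packet rule and a connection-tracking filter judge the same constructed trace. The packet model, addresses (documentation ranges) and function names are assumptions made for illustration, not any vendor's implementation.

```python
from collections import namedtuple

# Constructed packet model; "in"/"out" is relative to the protected network.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_permit(pkt):
    """Per-packet rule: allow outbound; drop inbound bare SYN (SYN without ACK)."""
    if pkt.direction == "out":
        return True
    return not ("SYN" in pkt.flags and "ACK" not in pkt.flags)

class StatefulFilter:
    """Tracks connections opened from inside; inbound packets must match one."""
    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def permit(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
            elif key in self.table and "ACK" in pkt.flags:
                self.table[key] = "ESTABLISHED"
            return True
        state = self.table.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if state is None:
            return False                      # no matching session: drop
        if state == "SYN_SENT":
            return pkt.flags == {"SYN", "ACK"}
        return "SYN" not in pkt.flags         # established: no new SYNs

def compare(trace):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_permit(p), stateful.permit(p)) for p in trace]

IN, WEB, OTHER = "10.0.0.5", "192.0.2.10", "198.51.100.7"
TRACE = [  # constructed sample traffic
    Packet("out", IN, 40000, WEB, 80, frozenset({"SYN"})),
    Packet("in", WEB, 80, IN, 40000, frozenset({"SYN", "ACK"})),
    Packet("out", IN, 40000, WEB, 80, frozenset({"ACK"})),
    Packet("in", WEB, 80, IN, 40000, frozenset({"ACK"})),
    Packet("in", OTHER, 5555, IN, 22, frozenset({"SYN"})),   # unsolicited SYN
    Packet("in", OTHER, 5555, IN, 22, frozenset({"ACK"})),   # unsolicited ACK
]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRACE, compare(TRACE)):
        print(pkt.direction, sorted(pkt.flags), "stateless=%s stateful=%s" % verdicts)
```

Both filters stop the unsolicited SYN; only the connection-tracking filter also drops the inbound ACK that belongs to no session.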