Security Portal: Firewalls - The Network Filter and ProxyFeb 14, 2001, 21:16 (2 Talkback[s])
(Other stories by Kurt Seifried)
"Network firewalls are by far the most common. They can be implemented on virtually any operating system that has a network stack. The first network firewalls were (and some still are) non-stateful - that is, each packet was examined individually, the firewall having no concept of the packet's larger identity. For example, it could be the return packet from a connection established by an internal client, or it could be a random packet sent by an attacker."
"This lack of state means that for outgoing connection to work for, say, telnet, you would have to allow incoming data from the telnet port (port 23, TCP). This means that an attacker could simply make their data packets come from port 23 on their machine, and they would punch right through your firewall - assuming you did not differentiate between SYN and ACK packets, of course."
"For connectionless protocols such as DNS, you have to create all kinds of rules to allow internal clients to query external servers and receive an answer. Here again, an attacker could scan your network with relative ease."
0 Talkback[s] (click to add your comment)