Re: Term Explanation

From: Robert Graham (robert_david_grahamat_private)
Date: Thu Feb 10 2000 - 12:19:05 PST

    The word "dynamic" was coined to contrast with the normal "static" rules in a
    firewall that we all know and love.
    
    Dynamic rules are needed because:
    1) Ports are a poor way of identifying protocols (and getting poorer)
    2) Whereas most communication uses only outbound connections, some (like FTP)
    use multiple connections in both directions.
    
    In the case of FTP, the client creates an outbound connection to the server,
    then the server creates separate inbound connections in order to transfer files
    to the client. Static firewall rules would block this incoming connection;
    dynamic rules monitor the state and temporarily change the static rules just to
    allow that connection.
    
    An example of a "dynamic" rule is "block all incoming connections, but if the
    user has established a connection to port 21 on a server, then allow an
    incoming TCP connection from the server port 20 to ports higher than 1024 on
    the client". (This solves the classic FTP problem).
    
    A specific type of "dynamic" rule is one where the firewall does protocol
    analysis at layers higher than TCP. To contrast with the example above, the
    firewall might analyze the FTP connection looking for the PORT
    command. (The "PORT" command is the FTP protocol whereby the client tells the
    server which port it has opened to receive a file on).
    
    Check Point calls this protocol analysis "stateful packet inspection". Other
    vendors do similar stuff, but call it different names.
    
    PS: This text taken from:
    http://www.robertgraham.com/pubs/hacking-dict.html#dynamic-filter
    
    
    --- jmfreemaat_private wrote:
    > I've been seeing a lot of information of various firewall products, and
    > require
    > a bit of help from the people that know.  Can someone give me a brief
    > explanation of the following:
    > 
    >    dynamic packet filtering
    >    stateful inspection
    > 
    > TIA
    
    =====
    Robert Graham  http://www.robertgraham.com/pubs
    
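The two flavours of "dynamic" rule described in the post above, as an added worked example (my code, not Robert Graham's and not any vendor's implementation): a toy Python packet filter that starts from the static policy "block all inbound connections", learns FTP state from outbound traffic, and either (a) coarsely allows any inbound connection from server port 20 to a client port above 1024 while a control channel to port 21 exists, or (b) parses the PORT command on the control channel and opens a one-shot pinhole only for the exact port the client announced. The `Packet` model, the `precise` flag, the addresses and the session in `demo()` are all constructed for illustration; only TCP connection setup is modelled, with no real socket I/O. The address and port checks on PORT are the sanity checks a real implementation needs, since a crafted PORT command could otherwise open holes to hosts or ports the client never owned.

```python
"""Toy dynamic packet filter for active-mode FTP (added example, not from the post)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool          # True = arrives from outside toward the protected client
    syn: bool = False      # True = first packet of a new TCP connection
    payload: bytes = b""


def parse_port_command(line: bytes) -> Optional[Tuple[str, int]]:
    """Parse 'PORT h1,h2,h3,h4,p1,p2' -> ('h1.h2.h3.h4', p1*256+p2), else None."""
    if not line.upper().startswith(b"PORT "):
        return None
    fields = line[5:].strip().split(b",")
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        return None
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class DynamicFilter:
    def __init__(self, precise: bool = True) -> None:
        self.precise = precise
        self.control: Set[Tuple[str, str]] = set()        # (client, server) control channels
        self.pinholes: Set[Tuple[str, str, int]] = set()  # (server, client, port), one use each
        self.log: List[str] = []

    def filter(self, pkt: Packet) -> bool:
        """Return True if the packet is allowed through."""
        return self._inbound(pkt) if pkt.inbound else self._outbound(pkt)

    def _outbound(self, pkt: Packet) -> bool:
        # Static policy: outbound is allowed. Dynamic part: learn FTP state from it.
        if pkt.dport == 21:
            if pkt.syn:
                self.control.add((pkt.src, pkt.dst))
            elif self.precise and (pkt.src, pkt.dst) in self.control:
                for line in pkt.payload.splitlines():
                    parsed = parse_port_command(line)
                    if parsed is None:
                        continue
                    ip, port = parsed
                    # The announced address must be the client's own and the port
                    # unprivileged; otherwise a crafted PORT opens holes elsewhere.
                    if ip != pkt.src or port <= 1024:
                        self.log.append(f"ignored suspicious PORT {ip}:{port} from {pkt.src}")
                        continue
                    self.pinholes.add((pkt.dst, pkt.src, port))
        return True

    def _inbound(self, pkt: Packet) -> bool:
        # Static policy: block all new inbound connections (the toy ignores
        # packets of already established flows, which a real filter would track).
        if not pkt.syn:
            return False
        if pkt.sport == 20 and (pkt.dst, pkt.src) in self.control:
            if self.precise:
                key = (pkt.src, pkt.dst, pkt.dport)
                if key in self.pinholes:
                    self.pinholes.discard(key)   # one-shot: close the hole once used
                    return True
            elif pkt.dport > 1024:               # coarse rule from the post
                return True
        self.log.append(f"blocked inbound {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return False


def demo(precise: bool) -> List[bool]:
    """Run a constructed FTP session through the filter; return inbound verdicts."""
    client, server = "10.0.0.5", "203.0.113.9"
    fw = DynamicFilter(precise=precise)
    fw.filter(Packet(client, 40000, server, 21, inbound=False, syn=True))
    fw.filter(Packet(client, 40000, server, 21, inbound=False,
                     payload=b"PORT 10,0,0,5,200,10\r\n"))   # client announces 51210
    return [
        fw.filter(Packet(server, 20, client, 51210, inbound=True, syn=True)),  # expected
        fw.filter(Packet(server, 20, client, 51210, inbound=True, syn=True)),  # replay
        fw.filter(Packet(server, 20, client, 6000, inbound=True, syn=True)),   # probe X11
        fw.filter(Packet(server, 4444, client, 51210, inbound=True, syn=True)),  # bad sport
        fw.filter(Packet("198.51.100.7", 20, client, 51210, inbound=True, syn=True)),
    ]


if __name__ == "__main__":
    print("coarse :", demo(precise=False))
    print("precise:", demo(precise=True))
```

Running it shows the difference the post draws: the coarse rule lets the server's port 20 reach any high port on the client for as long as the control channel exists (including the probe of 6000), while PORT parsing admits exactly one connection to the announced port and nothing else.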



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:06 PDT