Firewall Wizards mailing list archives

Re: Term Explanation


From: Robert Graham <robert_david_graham () yahoo com>
Date: Thu, 10 Feb 2000 12:19:05 -0800 (PST)

The word "dynamic" was coined to contrast with the normal "static" rules in a
firewall that we all know and love.

Dynamic rules are needed because:
1) Ports are a poor way of identifying protocols (and getting poorer)
2) Whereas most communication uses only outbound connections, some (like FTP)
use multiple connections in both directions.

In the case of FTP, the client creates an outbound connection to the server,
then the server creates separate inbound connections in order to transfer files
to the client. Static firewall rules would block this incoming connection;
dynamic rules monitor the state and temporarily change the static rules just to
allow that connection.

An example of a "dynamic" rule is "block all incoming connections, but if the
user has established a connection to port 21 on a server, then allow
incoming TCP connections from the server's port 20 to ports higher than 1024 on
the client". (This solves the classic FTP problem).

A specific type of "dynamic" rule is one where the firewall does protocol
analysis at layers higher than TCP. To contrast with the example above, the
firewall might analyze the FTP connection looking for the PORT
command. (The "PORT" command is the FTP protocol whereby the client tells the
server which port it has opened to receive a file on).

Checkpoint calls this protocol analysis "stateful packet inspection". Other
vendors do similar stuff, but call it different names.

PS: This text taken from:
http://www.robertgraham.com/pubs/hacking-dict.html#dynamic-filter


--- jmfreema () cscploenzke de wrote:
I've been seeing a lot of information on various firewall products, and
require a bit of help from the people that know.  Can someone give me a brief
explanation of the following:

   dynamic packet filtering
   stateful inspection


TIA




=====
Robert Graham  http://www.robertgraham.com/pubs
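The two rule styles described in the reply above, as an added worked example (it is not code from Robert Graham's post or from the hacking-dict page, and the inside prefix 10.0.0., the 60-second pinhole lifetime and the sample addresses are constructed assumptions): a toy stateful filter whose static policy is "outbound allowed, inbound blocked". In "coarse" mode it applies the first rule (a client with a session to port 21 on a server may receive a connection from that server's port 20 to any port above 1024); in "inspect" mode it parses the PORT command on the control channel and opens a one-shot, expiring pinhole only for the exact address and port the client announced, refusing PORT commands that point at another host or at a privileged port.

```python
import re
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A TCP connection attempt as the filter sees it: (src_ip, src_port, dst_ip, dst_port)
Conn = Tuple[str, int, str, int]


@dataclass
class Pinhole:
    """A temporary, one-shot exception to the static 'block inbound' rule."""
    src_ip: str      # host allowed to initiate (the FTP server)
    src_port: int    # its source port (20 for active-mode FTP data)
    dst_ip: str      # the inside client
    dst_port: int    # the data port the client announced
    expires: float   # monotonic time after which the pinhole is dropped


class DynamicFilter:
    """Static policy: inside hosts may open outbound connections; inbound
    connections are blocked unless a dynamic rule permits them.

    mode="coarse"  : once a client has a session to port 21 on a server, let that
                     server connect from port 20 to any client port above 1024.
    mode="inspect" : parse PORT on the control channel and open a pinhole only
                     for the exact address/port the client announced.
    """

    PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n")

    def __init__(self, mode: str = "inspect", inside_prefix: str = "10.0.0.", ttl: float = 60.0):
        assert mode in ("coarse", "inspect")
        self.mode = mode
        self.inside_prefix = inside_prefix   # assumed inside network (constructed)
        self.ttl = ttl                       # assumed pinhole lifetime in seconds
        self.sessions: List[Conn] = []       # established outbound sessions (the "state")
        self.pinholes: List[Pinhole] = []

    def _is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def _expire(self, now: float) -> None:
        self.pinholes = [p for p in self.pinholes if p.expires > now]

    def new_connection(self, conn: Conn, now: Optional[float] = None) -> bool:
        """Decide a new TCP connection: True = permit, False = drop."""
        now = time.monotonic() if now is None else now
        src_ip, src_port, dst_ip, dst_port = conn
        if self._is_inside(src_ip) and not self._is_inside(dst_ip):
            self.sessions.append(conn)       # outbound: static allow, remember the state
            return True
        if self.mode == "coarse":
            has_ctl = any(s[0] == dst_ip and s[2] == src_ip and s[3] == 21 for s in self.sessions)
            return has_ctl and src_port == 20 and dst_port > 1024
        self._expire(now)
        for p in self.pinholes:
            if (p.src_ip, p.src_port, p.dst_ip, p.dst_port) == conn:
                self.pinholes.remove(p)      # one-shot: close the hole once it is used
                return True
        return False

    def inspect_payload(self, conn: Conn, payload: bytes, now: Optional[float] = None) -> Optional[Pinhole]:
        """Protocol analysis of the FTP control channel (inspect mode only).
        On a well-formed PORT command, open a pinhole for server:20 -> client:data_port."""
        now = time.monotonic() if now is None else now
        if self.mode != "inspect" or conn not in self.sessions or conn[3] != 21:
            return None
        m = self.PORT_RE.match(payload)
        if not m:
            return None
        h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
        data_ip = f"{h1}.{h2}.{h3}.{h4}"
        data_port = p1 * 256 + p2
        client_ip, _, server_ip, _ = conn
        # Refuse holes that point anywhere but the announcing client, or at a privileged port
        if data_ip != client_ip or not 1024 < data_port <= 65535:
            return None
        hole = Pinhole(server_ip, 20, client_ip, data_port, now + self.ttl)
        self.pinholes.append(hole)
        return hole


if __name__ == "__main__":
    f = DynamicFilter(mode="inspect")
    ctl = ("10.0.0.5", 40000, "203.0.113.7", 21)   # constructed client -> server control session
    f.new_connection(ctl, now=0.0)
    print("data before PORT:", f.new_connection(("203.0.113.7", 20, "10.0.0.5", 40001), now=1.0))
    f.inspect_payload(ctl, b"PORT 10,0,0,5,156,65\r\n", now=2.0)   # 156*256+65 = port 40001
    print("data after PORT: ", f.new_connection(("203.0.113.7", 20, "10.0.0.5", 40001), now=3.0))
```

The difference between the two modes is the size of the hole: the coarse rule leaves every port above 1024 on the client reachable from the server's port 20 for as long as the control session lives, while the inspecting variant opens exactly one port, once, for a bounded time. The address check in inspect_payload is what keeps a PORT command from opening a hole toward a host other than the one that sent it.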


