Firewall Wizards mailing list archives
RE: FW Sequence Number based statefulness
From: Nimesh vakharia <nvakhari () clio rad sunysb edu>
Date: Mon, 14 May 2001 17:01:59 -0400 (EDT)
Thanks, but the white paper is not clear how it maintains state using sequence numbers? What does the firewall do in case it sees an out of sequence packet(s)? Nimesh. On Mon, 14 May 2001, Peter Crocker wrote:
You should expect this from any firewall product that does stateful inspection of packets. You should also expect a lot more than just sequence number checking. For example, here is how NetScreen implements stateful inspection: http://www.netscreen.com/products/firewall_wpaper.html Regards, Peter -----Original Message----- From: Carson Gaspar [mailto:carson () taltos org] Sent: Sunday, May 13, 2001 12:08 AM To: Nimesh vakharia; firewall-wizards () nfr com Subject: Re: [fw-wiz] FW Sequence Number based statefulness --On Thursday, May 10, 2001 9:16 PM -0400 Nimesh vakharia <nvakhari () clio rad sunysb edu> wrote:Are there any firewalls out there that maintain state using sequence numbers in addition to port/IP etc..?Darren Reed's free ipfilter does. I'm fairly sure the PIX does (since it can re-write sequence numbers), but I can't be certain (love that Cisco documentation...). -- Carson _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: FW Sequence Number based statefulness Peter Crocker (May 16)
- RE: FW Sequence Number based statefulness Nimesh vakharia (May 16)
- RE: FW Sequence Number based statefulness Carson Gaspar (May 16)
- RE: FW Sequence Number based statefulness Ofir Arkin (May 16)
- <Possible follow-ups>
- RE: FW Sequence Number based statefulness Nimesh vakharia (May 16)