Darksat IT Security Forums

Hardware, Software and Security => IT Security Forum => Topic started by: Darksat on August 24, 2006, 04:13:43 am

Title: Is your Firewall stateful?
Post by: Darksat on August 24, 2006, 04:13:43 am
OK, today we are going to cover the advantages of a stateful firewall over a non-stateful firewall.
The advantages of a stateful firewall are very big.
I can stealth scan an entire network through a non-stateful firewall using the ACK scan method, shut it down remotely, or even crash the target machine.
Non-stateful firewalls can be shut down by flooding them with ACK packets, whereas stateful firewalls have an inbuilt memory that records all outgoing SYN packets and only accepts ACK packets if they match up with the IP for the SYN packets.

Stateless firewalls are called so because they have no memory of context for connection states.
Each connection through one is a new connection; however, a stateful firewall remembers the context of connections and continuously updates this state information in dynamic connection tables.
This can be a very good thing because a hacker trying to gain access through a firewall has less chance of forging entry as part of a valid series of connections, because the context shows that the additional connection does not make sense in the context of the legitimate user.
Saying that, though, some stateful firewalls can be crashed by using a SYN overflow in an attempt to overload the dynamic connection table,
although a good stateful firewall should be immune to such attacks.
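
The difference described in the post above, as an added example that is not part of the original post: a static filter and a connection-tracking filter judge the same constructed packets. The rule "inbound is allowed if the ACK bit is set", the `max_entries` cap and all names and addresses are assumptions made for illustration; timeouts and connection teardown are left out.

```python
from collections import namedtuple

# flags: "S"=SYN, "SA"=SYN+ACK, "A"=ACK; outbound=True means inside -> outside
Packet = namedtuple("Packet", "src sport dst dport flags outbound")

def stateless_allows(pkt):
    # Assumed static rule: inbound is allowed whenever the ACK bit is set.
    return pkt.outbound or "A" in pkt.flags

class StatefulFilter:
    def __init__(self, max_entries=1024):
        self.table = {}              # (in_ip, in_port, out_ip, out_port) -> state
        self.max_entries = max_entries

    def allows(self, pkt):
        if pkt.outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                if key not in self.table and len(self.table) >= self.max_entries:
                    return False     # table full: refuse new flows, keep old ones
                self.table[key] = "SYN_SENT"
                return True
            return key in self.table
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.table[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED" and "A" in pkt.flags

# Constructed sample traffic (documentation address ranges)
SAMPLE = [
    Packet("10.0.0.5", 40000, "198.51.100.7", 80, "S", True),    # client opens flow
    Packet("198.51.100.7", 80, "10.0.0.5", 40000, "SA", False),  # server reply
    Packet("198.51.100.7", 80, "10.0.0.5", 40000, "A", False),   # data on that flow
    Packet("203.0.113.9", 80, "10.0.0.5", 40000, "A", False),    # unsolicited ACK
]

def compare(packets):
    fw = StatefulFilter()
    return [(stateless_allows(p), fw.allows(p)) for p in packets]

if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src:>13} {pkt.flags:<2} stateless={sl} stateful={sf}")
```

Only the last packet is treated differently: the static rule passes it because the ACK bit is set, while the tracking filter drops it because no outgoing SYN created a matching table entry.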

Title: Re: Is your Firewall stateful?
Post by: solidghost on August 25, 2006, 08:45:39 am
So it's very likely that those consumer-grade routers that are available in the market are stateless, right?

Title: Re: Is your Firewall stateful?
Post by: Darksat on August 25, 2006, 09:44:38 am
It depends on the router.
With regard to WiFi routers:
Most WiFi B series (if not all) are stateless.
A lot of G series ones, though, have some form of SPI (stateful packet inspection).
All NAT firewalls have BASIC stateful inspection, but proper SPI routers are much more secure.