Home page logo
/

basics logo Security Basics mailing list archives

RE: Stateful Packet Inspection
From: Steven Trewick <STrewick () joplings co uk>
Date: Wed, 21 Apr 2004 15:50:39 +0100


Sadly no,

You are somewhat off base.

A report of 'stealth' simply means that the device that the TCP
probe was aimed at ignored the packet completely, rather than sending 
a RST packet.  (This actually breaks the TCP RFCs)

This is equivalent to a '-j DROP' rule in ipchains (et al).

It is by no means an indication of the firewall doing SPI,
(handling packets based on payload) it simply means that packets are 
being dropped in the bit bucket.

HTH


-----Original Message-----
From: Paul Kurczaba [mailto:paul () myipis com]
Sent: 20 April 2004 13:04
To: security-basics () securityfocus com
Subject: Stateful Packet Inspection


I have set up a free online security scanning site located at 
http://scan.myipis.com. One of the ports that it probes is 
the clients source port. Am I correct in saying, that if the 
status of the source port is "stealth", the remote firewall 
uses Stateful Packet Inspection; and if the status is 
"closed", the firewall does not use Stateful Packet Inspection?

-Paul Kurczaba

--------------------------------------------------------------
-------------
Ethical Hacking at the InfoSec Institute. Mention this ad and 
get $545 off any course! All of our class sizes are 
guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert 
instructors. 
Attend a course taught by an expert instructor with years of 
in-the-field pen testing experience in our state of the art 
hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your 
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
--------------

---
Incoming mail checked for known viruses
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.659 / Virus Database: 423 - Release Date: 15/04/04
 



</code>
The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only. 
If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in 
this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group 
operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by 
viruses being passed.
joplings.co.uk


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]