Even easier, run nmap -p0 -sA ... from the public towards on server on the
private side (like an internal web server). Nmap will send a TCP ACK
without an established connection. If you received a RST packet, you are
not stateful.
Else, you are at least keeping one state.
But, being stateful at layer 4 is more complex than that: do you check
sequence number ? what about IP fragmentation ?
and what about L7 states ?
There is no easy answer
-eric
At 09:10 12/03/2002 -0500, Jose Nazario wrote:
>On Tue, 12 Mar 2002, ·ç·ç wrote:
>
> > how to determine whether a firewall is stateful or just a simple
> > packet filter? because of job ,I am eager to make clear of it. I will
> > be very appreciate if someone can tell me.
>
>quite simple, really: you can send 'response' packets to stimuli that
>never were sent (ie a SYN-ACK) and watch for a response from the target
>(ie a RST).
>
>____________________________
>jose nazario jose_at_cwru.edu
> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
>
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards_at_nfr.com
>http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Mar 15 2002
Intro
