Full Disclosure
mailing list archives
Re: Stateful Packet Inspection
From: whiplash <whiplash () despammed com>
Date: Tue, 03 Aug 2004 22:46:17 +0200
Goetz Von Berlichingen wrote:

> The original message has some merit with respect to netfilter - the
> Linux kernel firewall is capable of looking at headers only.

Really funny.
Try and explain, then, how Linux netfilter correctly recognizes, NATs and keeps state
of protocols like ftp, irc/dcc, h323, pptp and so on.

> This does
> allow some stateful packet inspection - one can discriminate against
> incoming connection attempts with --syn, for instance.

Do you have any idea of what stateful means?

> This isn't
> really stateful, however, since the firewall does not retain any
> knowledge of the state of a connection.

Yeah, of course.
I suppose that

#lsmod | grep track
ip_conntrack_ftp 5216 1 [ip_nat_ftp]
ip_conntrack_irc 4256 1 [ip_nat_irc]
ip_conntrack 41332 4 (autoclean) [ip_nat_ftp ip_conntrack_ftp ip_nat_irc ip_conntrack_irc ipt_MASQUERADE
iptable_nat ipt_state]

is just the output of some hallucination of mine. <g>

> iptables is pretty much useless against covert channels such as Loki, Q, or any of the various tunneling
> packages.

Good advice for you, absolutely for free: shutdown -h now (do you know what it means, at least? <g>)
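The difference the two posters are arguing about, as an added example that is not part of the original thread: a header-only ruleset built on `--syn` next to a ruleset that relies on the ip_conntrack table and the ip_conntrack_ftp helper shown in the lsmod output above. The interface names `$WAN`/`$LAN` are assumptions; the script only prints the commands unless `APPLY=1` is set by root.

```shell
#!/bin/sh
# Added example (not from the original post). Dry run by default: prints each
# command. Set APPLY=1 (as root) to execute them. Uses the 2004-era "-m state"
# match and ip_conntrack_* module names to match the lsmod output in the post;
# current kernels use nf_conntrack and "-m conntrack --ctstate" instead.
WAN="${WAN:-eth0}"   # assumed external interface
LAN="${LAN:-eth1}"   # assumed internal interface

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Header-only filtering: every packet is judged on its own TCP flags.
# Inbound SYNs are dropped, but the firewall has no idea whether a
# non-SYN packet belongs to a real connection, so a spoofed ACK passes.
header_only_rules() {
  run iptables -A INPUT -p tcp --syn -j DROP
}

# Stateful filtering: the decision comes from the conntrack table.
# ESTABLISHED = seen both directions of this flow; RELATED = opened by
# a helper, e.g. ip_conntrack_ftp marking an active-mode FTP data
# connection from the server's port 20 so it is accepted without any
# blanket inbound rule; INVALID = does not match any tracked flow.
stateful_gateway_rules() {
  run modprobe ip_conntrack_ftp
  run modprobe ip_nat_ftp          # rewrites PORT/PASV addresses when masquerading
  run iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
  run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$LAN" -m state --state NEW -j ACCEPT
  run iptables -A FORWARD -m state --state INVALID -j DROP
  run iptables -A FORWARD -j DROP
  run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run iptables -A INPUT -i "$LAN" -m state --state NEW -j ACCEPT
  run iptables -A INPUT -j DROP
}

# Check: on a 2.4/2.6 kernel the live table is readable at
# /proc/net/ip_conntrack (nf_conntrack on newer kernels); an active FTP
# transfer shows the data flow listed next to the control connection.
show_conntrack() {
  run sh -c 'cat /proc/net/ip_conntrack 2>/dev/null || cat /proc/net/nf_conntrack'
}
```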
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html