Security Basics mailing list archives
RE: Stateful Packet Inspection
From: Steven Trewick <STrewick () joplings co uk>
Date: Wed, 21 Apr 2004 15:50:39 +0100
Sadly no, you are somewhat off base.

A report of 'stealth' simply means that the device that the TCP probe was aimed at ignored the packet completely, rather than sending a RST packet. (This actually breaks the TCP RFCs.) This is equivalent to a '-j DROP' rule in ipchains (et al).

It is by no means an indication of the firewall doing SPI (handling packets based on payload); it simply means that packets are being dropped in the bit bucket.

HTH

-----Original Message-----
From: Paul Kurczaba [mailto:paul () myipis com]
Sent: 20 April 2004 13:04
To: security-basics () securityfocus com
Subject: Stateful Packet Inspection

I have set up a free online security scanning site located at http://scan.myipis.com. One of the ports that it probes is the client's source port. Am I correct in saying that if the status of the source port is "stealth", the remote firewall uses Stateful Packet Inspection; and if the status is "closed", the firewall does not use Stateful Packet Inspection?

-Paul Kurczaba
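
Added example, not part of the original thread: how a connect-style check arrives at the labels discussed above, run here only against the local loopback interface. The function names and the one-second timeout are assumptions; the label depends only on whether a reply came back, so it carries no information about whether the filter in front of the port tracks connection state.

```python
import socket


def classify_probe(host, port, timeout=1.0):
    """Return the label a connect-style check would report for host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # SYN/ACK came back and the handshake completed
    except ConnectionRefusedError:
        return "closed"    # a RST came back (no listener, or a rule that rejects with a reset)
    except socket.timeout:
        return "stealth"   # nothing came back at all: the SYN was silently dropped
    finally:
        s.close()


def loopback_demo():
    """Constructed check on this machine only: one listening port, one unused port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))         # reserve a second port number...
    closed_port = spare.getsockname()[1]
    spare.close()                        # ...then release it so nothing listens there

    try:
        return (classify_probe("127.0.0.1", open_port),
                classify_probe("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    print(loopback_demo())
```

The "stealth" branch is only reached when a filter discards the SYN without answering, which is the DROP behaviour described in the reply; a filter that answers with a reset produces "closed" instead.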
