Posted by JJ on December 8, 2007, 12:38 pm
"Stateful" firewalls understand the flow of packets in a connection as
opposed to inspecting each packet by itself and not in the context of a flow
of data.

Think of a gated residential community where the security guard checks each
car before letting it into the community but doesn't care about the car
ahead of it or behind it. That is un-stateful checking.

Now think of a police officer watching a funeral procession. He sees a car
in the middle of a procession that does not have a purple flag (which is
used in the US to show a car is part of the procession). He knows that car
cut into the line and doesn't belong there, so he stops it. That is stateful
inspection. It's a much smarter way of watching the flow of data.

Stateful firewalls look at the entire flow of data to determine if any
packets are trying to get through that don't seem to belong there and will
block them.

A replay attack occurs when a malicious person (or program) records a stream
of data and then resends it for some nefarious purpose. A good firewall can
detect this. As an example, think of logging into your bank account using a
touch tone telephone and authorizing a transfer to another account. If I
tape record your phone call, I can call the bank later and replay the first
part of the tones you sent, but change the destination account by putting in
the tones corresponding to a different account number. Since I've recorded
and replayed your account number and PIN, the fraudulent transfer may go
through.

From your logs I cannot tell if these are advisory messages or were actual
problems. In any event, unless they keep recurring it probably was a hiccup
in the data transmission and can be ignored.

HTH,
Ray
> Hi,
> in my router's log messages I find:
>
> Nov 29 20:42:11 FIREWALL exact tcp state check (1 of 11): Protocol: TCP
> Src ip: x.x.x.x Src port: y Dst ip: myIP-WAN Dst port: z
>
> Nov 29 20:42:05 FIREWALL replay check (1 of 15): Protocol: TCP Src ip:
> myIP-LAN Src port: y Dst ip: z Dst port: x
>
> I recognize the two connections and they're both authorized.
>
> By the way, I'm asking:
> - What is 'exact tcp state' and what does it do? Is that necessary?
> - What is 'replay check' and what does it do? Is that necessary?
>
> Thank you
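
The difference between per-packet and stateful checking that the reply describes, as an added example that is not part of the original posts and not the router's own logic. The addresses, the `192.168.1.` LAN prefix, port 443 and the simplified handshake table are assumptions; real firewalls also track sequence numbers and timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN", "ACK"})

def pkt(src, sport, dst, dport, flags):
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")))

def stateless_check(p, port=443):
    # Judges each packet alone: anything to or from the allowed port passes.
    return "accept" if port in (p.sport, p.dport) else "drop"

class StatefulFilter:
    def __init__(self, lan_prefix="192.168.1."):  # assumed LAN range
        self.lan_prefix = lan_prefix
        self.flows = {}  # (client, cport, server, sport) -> handshake state

    def check(self, p):
        outbound = p.src.startswith(self.lan_prefix)
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.flows.get(key)
        if state is None and outbound and p.flags == {"SYN"}:
            self.flows[key] = "SYN_SENT"
        elif state == "SYN_SENT" and not outbound and p.flags == {"SYN", "ACK"}:
            self.flows[key] = "SYN_RCVD"
        elif state == "SYN_RCVD" and outbound and p.flags == {"ACK"}:
            self.flows[key] = "ESTABLISHED"
        elif state == "ESTABLISHED" and "SYN" not in p.flags:
            if p.flags & {"FIN", "RST"}:
                del self.flows[key]  # simplified teardown
        else:
            return "drop"  # packet does not fit the recorded state of its flow
        return "accept"

def run_demo():
    lan, web = "192.168.1.10", "203.0.113.5"  # constructed sample addresses
    traffic = [
        pkt(lan, 50000, web, 443, "SYN"),
        pkt(web, 443, lan, 50000, "SYN+ACK"),
        pkt(lan, 50000, web, 443, "ACK"),
        pkt(web, 443, lan, 50000, "PSH+ACK"),
        pkt(web, 443, lan, 50001, "ACK"),      # no such connection
        pkt(web, 443, lan, 50000, "SYN+ACK"),  # handshake already finished
    ]
    fw = StatefulFilter()
    return [(stateless_check(p), fw.check(p)) for p in traffic]
```

`run_demo()` returns one `(stateless, stateful)` verdict pair per packet: the per-packet filter accepts all six, while the stateful filter drops the last two because they do not match any tracked connection state.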