didyap Wed, 04/23/2008 - 06:25

In general, firewalls are of two types: packet-filtering firewalls and application-level firewalls. Packet filters look at the source, destination, types, and options associated with the packet, while an application-level firewall can "look inside" the packet to examine application-specific attributes. With packet-filtering firewalls (which are much more common), including routers acting as packet filters.

For example, if an attacker sends a packet (with the SYN bit set) to a victim server, the firewall will not relay this packet to the victim because the firewall's rules only allow packets with the SYN bit set to originate from certain hosts. As a result, the three-way handshake will not be completed, and the attacker will not be able to establish a connection with a host behind the firewall. This method of filtering SYN packets is typically the method used by packet-filtering firewalls to prevent certain hosts from "getting past the firewall."

Packet filtering gateways are the easiest to configure for ICA (Intelligent Console Architecture) but provide the least security. A packet filter analyzes each IP packet at the network layer and determines whether to pass or block it based on a set of rules. A packet filtering gateway is not really a firewall but more of an intelligent router. If the packet filter has a rule specified in its rule base that allows communication between two specific addresses, packets are allowed to travel through the firewall to the specified address. If no rule is available for a given address, the packet is rejected and not allowed to pass through the firewall.
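
As an added illustration (not part of the original post), here is a minimal Python model of the stateless SYN filtering and default-reject behaviour described in the post above. The rule fields, function names and addresses are assumptions made for the example; the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

SYN, ACK = 0x02, 0x10  # TCP header flag bits

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: int

@dataclass(frozen=True)
class Rule:                # hypothetical rule layout for this example
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    dport: Optional[int]   # None matches any destination port
    may_initiate: bool     # may src send a bare SYN (open a connection)?

def is_bare_syn(pkt: Packet) -> bool:
    """SYN set and ACK clear: the first packet of the three-way handshake."""
    return bool(pkt.flags & SYN) and not pkt.flags & ACK

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def filter_packet(rules: list, pkt: Packet) -> str:
    """Stateless, first-match evaluation of one packet against the rule base."""
    for rule in rules:
        if matches(rule, pkt):
            if is_bare_syn(pkt) and not rule.may_initiate:
                return "reject: SYN not permitted from this source"
            return "pass"
    return "reject: no rule for this address pair"

# Constructed rule base using documentation address ranges (RFC 5737).
SERVER, PARTNER, OUTSIDER = "192.0.2.80", "198.51.100.10", "203.0.113.5"
RULES = [
    Rule(PARTNER + "/32", SERVER + "/32", 80, may_initiate=True),
    Rule(SERVER + "/32", PARTNER + "/32", None, may_initiate=False),
]

if __name__ == "__main__":
    for pkt in (Packet(OUTSIDER, SERVER, 80, SYN),           # unknown host opens a connection
                Packet(PARTNER, SERVER, 80, SYN),            # permitted host opens a connection
                Packet(SERVER, PARTNER, 40000, SYN | ACK),   # server answers the handshake
                Packet(SERVER, PARTNER, 40000, SYN)):        # server tries to initiate
        print(pkt, "->", filter_packet(RULES, pkt))
```

The filter keeps no connection state: each packet is judged only on its addresses, port and flags, which is the per-packet, rule-based decision the post describes.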

