OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: (no subject)
From: jianglee21cn.com
Date: Thu Oct 12 2000 - 10:43:19 CDT

Dear Sir:
We want to design a "stateful inspection" method for
our software firewall (For NT).

---- FW-1 CONNECTIONS TABLE ---

Src_IP Src_Prt Dst_IP Dst_Prt IP_prot Kbuf Type Flags Timeout
192.168.7.131 10003 207.229.143.8 25 6 0 16385 02ffff00 2845/3600
192.168.7.131 10002 207.229.143.8 24 6 0 16385 02ffff00 2845/3600
192.168.7.131 10001 207.229.143.8 23 6 0 16385 02ffff00 2845/3600

In this table,I don't know the meaning of "Kbuf","Type" and "Flags".
Can you tell me? Or tell me How I can find the answer.

Lance said "Another thing I learned, stateful inspection for FW-1 looks only at Source/Destination IP and Port numbers for determining a session. It does NOT care about sequence numbers, as I was making up all sorts of whacked out sequence numbers, which the firewall accepted. "

I have a question:
Does stateful inspection for FW-1 look only at Source/Destination IP and Port numbers for determining a session ?
Does stateful inspection for FW-1 look only at Source/Destination IP and Port numbers of a packet to judge if this packet is a part of a session in connection table ?

Thanks.
           jianglee
           10.12.2000
----------------------------------------------
欢迎使用 21CN 电子邮件系统 http://www.21cn.com
Thank you for using 21cn.com Email system

-
[To unsubscribe, send mail to majordomolists.gnac.net with
"unsubscribe firewalls" in the body of the message.]