Re: [FW-1] stateful inspection

[Stéphane Blais <sblais@FW1-NOSPAMCITT-TCCE.GC.CA>]

Hi, I got this description from webopedia.com and it help me understand it
a little better.

http://www.webopedia.com/TERM/S/stateful_inspection.html

*QUOTE*
Also referred to as dynamic packet filtering. Stateful inspection is a
firewall architecture that works at the network layer. Unlike static packet
filtering, which examines a packet based on the information in its header,
stateful inspection tracks each connection traversing all interfaces of the
firewall and makes sure they are valid. An example of a stateful firewall
may examine not just the header information but also the contents of the
packet up through the application layer in order to determine more about
the packet than just information about its source and destination. A
stateful inspection firewall also monitors the state of the connection and
compiles the information in a state table. Because of this, filtering
decisions are based not only on administrator-defined rules (as in static
packet filtering) but also on context that has been established by prior
packets that have passed through the firewall.
As an added security measure against port scanning, stateful inspection
firewalls close off ports until connection to the specific port is
requested.

Check Point Software is credited with coining the term stateful inspection
in the use of its FireWall-1 in 1993.
*END QUOTE*

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================