Stateful filtering, or stateful inspection, also termed dynamic packet filtering, is a technique developed by Check Point Software Technologies in 1993.
Stateful inspection is a firewall technique that keeps track of the state of network connections (such as TCP streams and UDP communication) traveling across it. In stateful inspection, a packet is checked from the application layer down to the network layer, and the complete record of the connection is recorded in a state table. Incoming packets are filtered (allowed or dropped) based on that table.
Stateful filtering is better than legacy static packet filtering, in which only the packet header is checked against administrator-defined rules. With static packet filtering, a hacker can simply change the header to "reply" and get information through the firewall. With stateful inspection, not only the header but also the port number, IP address, etc. of the connection are recorded, and ports stay closed until a connection being established opens them. This also mitigates a well-known hacking technique called port scanning, in which a hacker searches for an unused open port and attacks the host through that port.
How Stateful Filtering Works
Finally, by default, all incoming (inbound) traffic to the router is denied, except traffic for which the request was generated from inside the network. This is called stateful or dynamic packet filtering.
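The difference between the two filters, as an added example that is not part of the original post: a header-only rule that trusts anything marked as a reply, next to a state table that admits inbound packets only when they reverse a connection opened from inside. The `192.168.1.` inside prefix, the documentation-range addresses and all names are assumptions, and the model is reduced to the table lookup (no timeouts, sequence tracking or connection teardown).

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.168.1."  # assumed internal network for this sketch


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"ACK"}


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def static_filter(pkt):
    """Header-only rule: inbound is allowed whenever it looks like a reply (ACK set)."""
    return is_inside(pkt.src) or "ACK" in pkt.flags


class StatefulFirewall:
    def __init__(self):
        # One entry per connection: (inside ip, inside port, outside ip, outside port)
        self.table = set()

    def filter(self, pkt):
        if is_inside(pkt.src):
            # Outbound request: record the connection, then let it through.
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allowed only if it is the reverse of a recorded connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def demo():
    """Run constructed sample packets through both filters."""
    fw = StatefulFirewall()
    request = Packet("192.168.1.10", 50000, "203.0.113.5", 80, frozenset({"SYN"}))
    reply = Packet("203.0.113.5", 80, "192.168.1.10", 50000, frozenset({"SYN", "ACK"}))
    forged = Packet("198.51.100.7", 80, "192.168.1.10", 50001, frozenset({"ACK"}))
    return {
        "forged_static": static_filter(forged),      # header says "reply"
        "forged_stateful": fw.filter(forged),        # no matching table entry
        "reply_before_request": fw.filter(reply),    # nothing asked for it yet
        "request": fw.filter(request),               # creates the table entry
        "reply_after_request": fw.filter(reply),     # matches the entry
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'dropped'}")
```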
How to Perform Stateful filtering/Dynamic Packet Filtering
It is very informative.
Thanks Junaid Pasha.