Conditional stateful packet inspection?

Discussion in 'LnS English Forum' started by cdysthe, Dec 5, 2004.

Thread Status:
Not open for further replies.
  1. cdysthe (Registered Member; joined Mar 6, 2004; 70 posts; Austin, TX and Oslo, Norway)

    Hi,

    From what I have understood (I am not an expert at all) stateful packet inspection is the way to go for maximum security. However, it doesn't work for P2P and some other stuff. I may be way off here, but why couldn't stateful packet inspection be a setting in filter rules or even for a given application? Is it either "on" or "off" for this kind of filtering, or could you potentially have a rule that opens for BitTorrent on port 6660-6600 and have stateful packet inspection turned off for this port range in the rule? Or could you have a setting for applications that turns off stateful packet inspection for the application in question?

    I may be missing something that is obvious to the ones knowing a lot about firewalls and filtering. But I do not really understand why stateful packet inspection is a global setting.
     
  2. Frederic (LnS Developer; joined Jan 9, 2003; 4,354 posts; France)

    Yes, the TCP SPI needs to work globally, considering all ports. By definition it's a global TCP feature.
    Even if it would be technically possible to exclude some ports, I'm sure you will find such an implementation.

    It's like the Stealth status: this needs to be global; you can't say "I'd like to be stealth except on some ports."

    Frederic
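As an added illustration (not code from Look 'n' Stop or from either poster), a toy stateful TCP filter in Python showing the point made above: the connection-state table is global across all ports, and the P2P listener from the question is admitted by a per-port accept rule that only governs the opening SYN, not by switching inspection off for that port range. The port range, addresses and packet sequence are constructed for the demo.

```python
from dataclasses import dataclass
SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04  # TCP flag bits used below
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    inbound: bool = True  # True = arrives from the Internet side

class StatefulFilter:
    """Toy connection tracker: one global state table covering all TCP ports."""
    def __init__(self, inbound_listen_ports):
        self.listen = set(inbound_listen_ports)  # ports a rule opens to remote peers
        self.table = {}  # (local_ip, local_port, remote_ip, remote_port) -> state
    def _key(self, p):
        # Normalise both directions of a flow onto the same 4-tuple
        return (p.dst, p.dport, p.src, p.sport) if p.inbound else (p.src, p.sport, p.dst, p.dport)
    def inspect(self, p):
        key = self._key(p)
        state = self.table.get(key)
        if state is None:
            # No flow yet: only a plain SYN may open one. Outbound SYNs are
            # always allowed; inbound SYNs only on ports a listen rule covers.
            if p.flags & SYN and not p.flags & ACK:
                if p.inbound and p.dport not in self.listen:
                    return "DROP"
                self.table[key] = "SYN_SEEN"
                return "ACCEPT"
            return "DROP"  # unsolicited or mid-stream packet with no state
        if p.flags & (RST | FIN):
            del self.table[key]  # flow torn down, forget it
            return "ACCEPT"
        if state == "SYN_SEEN" and p.flags & SYN and p.flags & ACK:
            self.table[key] = "ESTABLISHED"
        return "ACCEPT"
def demo():
    # Constructed values: RFC 5737 documentation addresses and a P2P port range
    fw = StatefulFilter(inbound_listen_ports=range(6881, 6890))
    me, peer = "192.0.2.10", "203.0.113.7"
    return [
        fw.inspect(Packet(peer, 40000, me, 6881, SYN)),                       # peer opens P2P flow
        fw.inspect(Packet(me, 6881, peer, 40000, SYN | ACK, inbound=False)),  # our SYN/ACK
        fw.inspect(Packet(peer, 40000, me, 6881, ACK)),                       # data on tracked flow
        fw.inspect(Packet(me, 50000, peer, 80, SYN, inbound=False)),          # we connect out
        fw.inspect(Packet(peer, 80, me, 50000, SYN | ACK)),                   # reply matches state
        fw.inspect(Packet(peer, 40001, me, 445, SYN)),                        # unsolicited SYN, no rule
        fw.inspect(Packet(peer, 40002, me, 6881, ACK)),                       # bare ACK, no state
    ]
```

The last two cases show why the per-port rule and the state tracking are separate things: a port being open to new connections does not exempt packets on it from having to match a tracked flow.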
     