adam's notes

Packet Filtering Firewalls

Packet filtering firewall is a Layer 3 firewall technology that compares packet headers against ACLs to determine which network traffic to accept.

  • packet filtering describes an earlier type of firewall
    • all firewalls still perform this basic function
  • configured by specifying rules in a network access control list (ACL)
    • each rule defines:
      • a specific type of data packet
      • the appropriate action to take when a packet matches the rule
  • works at layer 3 of OSI model to inspect headers of IP packets
    • rules can be based on information found in those headers:
      • IP filtering
        • accepting or denying traffic based on its source or destination IP address
      • Protocol ID/type
        • TCP, UDP, ICMP, routing protocols, etc.
      • Port filtering/security
        • accepting or denying a packet based on source and destination Transport layer port numbers
  • actions:
    • accept/permit
      • allows packet to pass
    • drop/deny
      • silently discards the packet
    • reject
      • blocks packet but responds to sender with an ICMP message
        • e.g., “port unreachable”

Info

Port numbers are contained in TCP/UDP headers (layer 4) rather than IP datagram header

  • packet filtering firewalls are still described as working at layer 3
  • they can only inspect the port numbers in layer 4 headers
  • ACLs control only inbound traffic, only outbound, or both
    • referred to as “ingress” and “egress” traffic or filtering
    • ingress and egress traffic is filtered using separate ACLs
    • controlling outbound traffic can:
      • block applications that have not been authorized to run on the network
      • defeat malware such as backdoors
  • Packet filtering firewall is stateless
    • it does not preserve information about the connection between two hosts
    • each packet is analyzed independently with no record of previously processed packets
    • requires the least processing effort
    • can be vulnerable to attacks that are spread over a sequence of packets
    • can introduce problems in traffic flow
      • especially when load balancing is being used or when clients or servers need to make use of dynamically assigned ports

Weakness

Since the packet filtering firewall examines each packet individually and not in concert with the rest of the packets making up the traffic, an attacker could slip attacks through this type of firewall by sending attack traffic that spans more than one packet

Graph View

Backlinks