Stateful inspection is what every half decent firewall these days uses.. basically in the old days, firewalls were dumb... they merely matched a packet with the ruleset and then either dropped or accepted it.. stateful inspect means the firewall maintains an internal state table which tracks the status of the connection.. it 'understands' that a packet is part of a previously established connection, and thus lets it pass... so lets say you tried to send an ACK packet past the firewall, it would be smart enough to know that this packet is not a part of a previously established connection so it will not let it go...
In short.. it tracks what connections are open and allows their packets to pass.. this can also save on processing time as if a packet matches a particular connection, it doesnt need to be checked against the other rules since that connection has already been allowed.
I'm sorry I know I'am new around here. But isn't there a difference between stateful packet inspection en stateful packet filtering? I believe that stateful packet inspection builds on stateful packet filtering (what has been defined above) and also has the ability to check payload within a packet. This allows to check that the content matches the expected service it is communicating with.
Re: What is Stateful Packet Inspection ?
14 years 11 months ago #2986
Stateful Packet Inspection is a packet filtering technique that intercepts packets until there are enough from a given location to determine the state of the incoming connection. Once enough packets have been gathered and are cleared, they are forwarded to the internal address, which allows communication directly between the internal and external addresses. Stateful packet inspection firewalls are generally faster than application-based firewalls.
~~~~~~ oOo ~~~~~~
"£ôve has nôthing tô dô with what yôu are expecting tô get,
it's what yôu are expected tô give -- which is everything."
"£ôve is patient and kind;
It is nôt jealôus ôr prôud;
£ôve is nôt selfish ôr irritable;