Stateful Packet Inspection (SPI) keeps track of TCP and UDP connections through a state table containing details such as source/destination IPs and ports, sequence numbers, and timestamps. It permits connections initiated from the inside network to the outside (and the reply traffic on them) but blocks new connections initiated from the outside. SPI can detect replayed packets through unexpected sequence numbers or timestamps. By default, the firewall also filters anonymous Internet requests, drops IDENT (port 113) requests, and drops connections initiated from the outside.
Firewall
1. Stateful Packet Inspection (on by default)
◦ The firewall function keeps track of TCP and UDP connections made by network applications
◦ The firewall maintains a state table with the details of each connection (source IP and port, destination IP and port, sequence number and timestamp)
◦ Connections from the inside network to the outside are permitted and monitored
◦ Reply traffic from the outside on an existing connection belonging to the inside network is permitted
◦ New connections from the outside to the inside network are NOT permitted
◦ Stateful Packet Inspection can detect replayed packets by unexpected sequence numbers and timestamps
2. Filter Anonymous Internet Requests (on by default)
◦ Drops pings from outside hosts and drops connection requests from the outside
Filter Multicast (off by default)
◦ Multicast traffic is sent to the many hosts that have joined a multicast group by registering with the multicast application
◦ Multicast is used to stream multimedia: one stream is sent to the router/switch and then copied to each registered host
◦ Disable filtering to permit multicast traffic
◦ Enable filtering to prevent multicast DoS attacks
Filter Internet NAT Redirection (off by default)
◦ Blocks a local computer from reaching other local hosts via the external NAT address
Filter IDENT (Port 113) (on by default)
◦ Drops IDENT requests, which ask for info such as local and remote ports, OS and username
3. SPI is Stateful Packet Inspection
◦ On by default
◦ By default:
◦ Drops connections starting from the outside
◦ Drops requests for identity info on Port 113
◦ Web filter for proxy, Java, ActiveX and cookies
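The SPI behaviour described in items 1 and 3 (a state table keyed by the connection's addresses and ports, outbound connections permitted, unsolicited inbound connections dropped, replays flagged by already-seen sequence numbers or backwards timestamps) as a small Python model. This is an added example, not code from the slides or from any router vendor; the inside range 192.168.1.0/24, the 300-second idle timeout and the packet fields are assumptions, and the packets in use are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")  # assumed inside (LAN) range

@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    sport: int    # source port
    dst: str      # destination IP
    dport: int    # destination port
    seq: int      # sequence number of the segment's first byte
    length: int   # payload bytes carried
    ts: float     # arrival timestamp in seconds

class SPIFirewall:
    """State table keyed by (inside IP, inside port, outside IP, outside port)."""

    def __init__(self, idle_timeout=300.0):
        self.table = {}
        self.idle_timeout = idle_timeout

    def _key(self, p):
        # Normalise the 4-tuple so both directions of a connection share one entry.
        if ip_address(p.src) in INSIDE:
            return (p.src, p.sport, p.dst, p.dport), "out"
        return (p.dst, p.dport, p.src, p.sport), "in"

    def inspect(self, p):
        key, direction = self._key(p)
        flow = self.table.get(key)
        if flow is not None and p.ts - flow["ts"] > self.idle_timeout:
            del self.table[key]  # idle entry expired; what follows is new traffic
            flow = None
        if flow is None:
            if direction == "in":
                return "DROP new connection from outside"
            self.table[key] = {"next": {"out": p.seq + p.length}, "ts": p.ts}
            return "PERMIT new outbound connection"
        expected = flow["next"].get(direction)
        if expected is None:
            flow["next"][direction] = p.seq + p.length  # first reply in this direction
        elif p.seq < expected or p.ts < flow["ts"]:
            # Already-seen sequence number or a timestamp going backwards are the
            # slides' replay indicators; real firewalls allow retransmission windows.
            return "DROP replayed or out-of-window packet"
        else:
            flow["next"][direction] = p.seq + p.length
        flow["ts"] = p.ts
        return "PERMIT established"
```

Feeding the same reply segment twice shows the replay check firing, while an inbound SYN-like packet with no table entry is dropped regardless of its contents.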