Firewall / active filter question
JARiley at dstsystems.com
Fri Dec 13 22:12:49 CST 2002
Hey, if you lay awake 12-13 years ago thinking, you might be a very rich
man right now (well, actually since you are part of the open source
community, you would have given your idea away and not become a rich man,
hehe). Check Point paved the way for stateful inspection firewalls back
then. With brainstorming like you did about something you say you don't
know a lot about, you came up with a great thought. So, keep
brainstorming.
James
Jared Smith <jared at trios.org>
To: <kclug at kclug.org>
Sent by: owner-kclug at marauder.illiana.net
Date: 12/13/2002 11:04 AM
Subject: Firewall / active filter question
Reply-To: Jared Smith
I don't know much about firewalls, so forgive me
if I'm suggesting something that already exists or
is not technically possible.
As I understand firewalls, they block all ports
except those specifically opened, and they forward
IPs to internal addresses, therefore masking
what's happening on the inside of the network.
This is passive. What I lay awake last night
thinking about was, what about filtering in an active
manner? With an active filter, the only packets
acceptable are those which have been specifically
requested. You'd have a buffer which kept track of
all outgoing requests, and waited for a few minutes
to receive them. Everything else would be rejected.
Seems like this would make it impossible for people
to hack in, unless they were actively monitoring
outgoing packets. While this wouldn't work for a
server (which needs to accept arbitrary hits), it
would work for a surfer.
Does this already exist?
-Jared
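The "active filter" Jared describes is the connection-tracking table at the heart of what James's reply calls stateful inspection. The following is an added example, not code from this thread or from any product it mentions: a small Python simulation of that table. Outbound packets are recorded, an inbound packet is admitted only if it is the reverse of a recorded flow that has not yet expired, and everything else is dropped. The addresses, ports and the 180-second timeout are constructed for the demo and are assumptions, not values from the thread.

```python
"""Stateful ("active filter") packet filter simulation.

Added example, not code from the original thread. Remembers every outbound
request, admits an inbound packet only if it answers a remembered request
before that entry expires, and drops everything else. All packets below
are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: float       # arrival time in seconds

# (proto, src_ip, src_port, dst_ip, dst_port) as seen leaving the network
FlowKey = Tuple[str, str, int, str, int]

class StatefulFilter:
    def __init__(self, timeout: float = 180.0):
        self.timeout = timeout                 # assumed idle timeout
        self.table: Dict[FlowKey, float] = {}  # flow -> last-seen time

    @staticmethod
    def key(p: Packet) -> FlowKey:
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def reverse(p: Packet) -> FlowKey:
        # The outbound flow that an inbound packet would be answering.
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def expire(self, now: float) -> None:
        dead = [k for k, t in self.table.items() if now - t > self.timeout]
        for k in dead:
            del self.table[k]

    def outbound(self, p: Packet) -> str:
        """Record the request so its reply will be let back in."""
        self.expire(p.ts)
        self.table[self.key(p)] = p.ts
        return "ACCEPT"

    def inbound(self, p: Packet) -> str:
        """Admit only packets that match a live outbound flow."""
        self.expire(p.ts)
        k = self.reverse(p)
        if k in self.table:
            self.table[k] = p.ts   # refresh the entry's timer
            return "ACCEPT"
        return "DROP"

def run_demo() -> List[Tuple[str, str]]:
    """Walk constructed packets through the filter; returns (label, verdict)."""
    fw = StatefulFilter(timeout=180.0)
    verdicts = []
    # 1. inside host sends a DNS query
    q = Packet("udp", "192.0.2.10", 40000, "198.51.100.53", 53, ts=0.0)
    verdicts.append(("out dns query", fw.outbound(q)))
    # 2. the reply comes back within the window
    r = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000, ts=0.2)
    verdicts.append(("in dns reply", fw.inbound(r)))
    # 3. unsolicited connection attempt to port 22: nothing asked for it
    s = Packet("tcp", "203.0.113.7", 51234, "192.0.2.10", 22, ts=1.0)
    verdicts.append(("in unsolicited ssh", fw.inbound(s)))
    # 4. a forged "reply" from someone who watched the outbound query and
    #    spoofed the server's address: same header, so the table admits it
    f = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000, ts=2.0)
    verdicts.append(("in forged reply", fw.inbound(f)))
    # 5. a reply that arrives long after the entry has expired
    late = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000, ts=400.0)
    verdicts.append(("in late reply", fw.inbound(late)))
    return verdicts

if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{label:22s} {verdict}")
```

On a Linux host the same decision is what netfilter's connection tracking makes when a rule accepts `--state ESTABLISHED,RELATED` and the default policy drops the rest. Step 4 is the limit Jared himself points out: the table matches on addresses and ports, not on who really sent the packet, so anyone who can see or guess the outbound flow can forge a packet that matches it within the timeout window.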