Real Stateful TCP Packet Filtering in Ip-filter

Guido van Rooij
Origin (firewall/dial-in development group)

<guido@gvr.org>

Ip-filter is an Open Source packet filtering engine that is available for a number of operating systems, including Solaris and {Free,Open,Net}BSD.

Ip-filter comes with stateful packet filtering. In the TCP case, the state engine not only checks for the presence of ACK flags or looks at source and destination ports, but also includes sequence numbers and window sizes in its filtering decision. This greatly reduces the window of opportunity for malicious packets to be passed through the packet filter.
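To make the sequence-number and window check concrete, here is an added illustrative model of that kind of stateful TCP check. It is example code written for this page, not ip-filter's own state engine: the structure names, the four conditions and the `MAXACKWINDOW` slack constant are assumptions chosen to show the principle (a segment is accepted only if its data fits inside the window the peer advertised and its ACK number does not acknowledge data the peer never sent), and the handshake values in the demo are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Simplified model of a stateful TCP filter's sequence/window check.
 * Illustrative code, not ip-filter's implementation; names and the
 * MAXACKWINDOW slack value are assumptions made for this example.
 */
#define MAXACKWINDOW 66000u /* assumed slack for retransmits and delayed acks */

/* Modular comparisons so 32-bit sequence-number wrap-around is handled. */
static bool seq_le(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }
static bool seq_ge(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }

/* What the filter remembers about one direction of a connection. */
struct tcp_dir {
    uint32_t seq_max; /* highest seq + len seen from this side        */
    uint32_t ack;     /* highest ack number sent by this side          */
    uint32_t win;     /* window most recently advertised by this side  */
};

struct tcp_state {
    struct tcp_dir side[2]; /* 0: client->server, 1: server->client */
};

/* The segment fields the check needs. */
struct tcp_seg {
    uint32_t seq, ack, win;
    uint32_t len; /* payload bytes plus SYN/FIN, since they consume seq space */
};

/* Seed the table as it would look once the three-way handshake completed. */
void tcp_state_init(struct tcp_state *st, uint32_t cli_isn, uint32_t srv_isn,
                    uint32_t cli_win, uint32_t srv_win)
{
    st->side[0].seq_max = cli_isn + 1; st->side[0].ack = srv_isn + 1; st->side[0].win = cli_win;
    st->side[1].seq_max = srv_isn + 1; st->side[1].ack = cli_isn + 1; st->side[1].win = srv_win;
}

/*
 * Check a segment travelling in direction `dir` (0 or 1) against the state.
 * Returns true and advances the state if the segment fits, false otherwise.
 */
bool tcp_state_check(struct tcp_state *st, int dir, const struct tcp_seg *p)
{
    struct tcp_dir *src = &st->side[dir];
    struct tcp_dir *dst = &st->side[dir ^ 1];
    uint32_t end = p->seq + p->len;

    /* 1. Data must not run past the window the receiver advertised. */
    if (!seq_le(end, dst->ack + dst->win)) return false;
    /* 2. Data must not lie far below what the receiver already acked
     *    (some slack is allowed so legitimate retransmissions pass). */
    if (!seq_ge(p->seq, dst->ack - MAXACKWINDOW)) return false;
    /* 3. The ACK may not acknowledge data the other side never sent. */
    if (!seq_le(p->ack, dst->seq_max)) return false;
    /* 4. Nor may the ACK lag too far behind what the other side sent. */
    if (!seq_ge(p->ack, dst->seq_max - MAXACKWINDOW)) return false;

    /* Accepted: record what this side has now sent and acknowledged. */
    if (seq_ge(end, src->seq_max)) src->seq_max = end;
    if (seq_ge(p->ack, src->ack))  src->ack = p->ack;
    src->win = p->win;
    return true;
}

/* Constructed scenario; returns a bitmask with bit i set if segment i passed. */
unsigned demo_verdicts(void)
{
    struct tcp_state st;
    tcp_state_init(&st, 1000, 5000, 8192, 4096);
    struct tcp_seg segs[] = {
        { 1001,   5001, 8192, 100 }, /* 0: client data, in window      -> pass */
        { 101001, 5001, 8192, 100 }, /* 1: forged seq far ahead         -> drop */
        { 5001,   1101, 4096,  50 }, /* 2: server reply, in window      -> pass */
        { 5051,   2000, 4096,   0 }, /* 3: acks data client never sent  -> drop */
        { 1001,   5001, 8192, 100 }, /* 4: client retransmission        -> pass */
    };
    int dirs[] = { 0, 0, 1, 1, 0 };
    unsigned mask = 0;
    for (unsigned i = 0; i < 5; i++)
        if (tcp_state_check(&st, dirs[i], &segs[i])) mask |= 1u << i;
    return mask;
}

/* Data that crosses the 2^32 boundary must still be accepted. */
bool demo_wraparound(void)
{
    struct tcp_state st;
    tcp_state_init(&st, 0xFFFFFF00u, 5000, 8192, 4096);
    struct tcp_seg s = { 0xFFFFFF01u, 5001, 8192, 0x200 };
    return tcp_state_check(&st, 0, &s) && st.side[0].seq_max == 0x101u;
}

int main(void)
{
    printf("verdict mask: %u (expect 21)\n", demo_verdicts());
    printf("wrap-around ok: %d\n", demo_wraparound());
    return 0;
}
```

The point of the demo is segment 1: it carries the right ports and a plausible ACK flag, so a filter that only matches on those would pass it, while the window check drops it because its sequence number lies outside what the peer advertised. The slack in conditions 2 and 4 is the design trade-off the talk abstract alludes to: too little and legitimate retransmissions or delayed ACKs get dropped, too much and the filter's protection against injected segments weakens.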

The original state engine had a number of problems. This talk will briefly discuss these problems and then move on to the design of the new state engine, followed by the consequences for the implementation. The session will conclude with experiences gathered with the state code and with planned future work on it.

Network administrators who are interested in the inner workings of one of the most popular packet filters should attend this talk. Some knowledge of TCP/IP is assumed.

Guido van Rooij is married and has 3 wonderful children. In his spare time, he is the head of Origin's firewall/dial-in development group. He graduated in Discrete Mathematics at Eindhoven University of Technology and started working as a software developer on medical systems, OCR equipment and numerical controls. In 1995 he joined Philips to work on Internet-related systems with an emphasis on security. He is co-founder of the Digital City of Eindhoven as well as of Internet Access Eindhoven, a local ISP. Furthermore, he has been security officer of FreeBSD and, as such, was part of the FreeBSD core team.


Last modified: December 27, 1999 (mk)