William Cooper wrote:
> UDP is connectionless, which my limited understanding leads me to believe
> means that UDP packets lack the sequence numbers of TCP packets. Each UDP
> packet, I believe, is traditionally looked at only individually.
Correct. For header info, UDP uses source port, destination port, length and
checksum (checksum seldom used). Besides missing the sequence and
acknowledgment numbers, you are also missing the control bits or flag field.
Under TCP, this is how you identify a connection being established or a reply
(i.e. UDP does not use the three-packet handshake).
> If you
> were trying to proxy 3 UDP connections I don't think it's possible, using
> traditional means, to figure out which packets belong to which of the 3
> UDP connections.
Actually, you can. The proxy simply has to track source port numbers. It would
give each session a different source port on the Internet side.
> Checkpoint and other (I think?) firewall companies have tried to secure
> UDP connections w/ "stateful" inspection, which means examining each
> packet "in context" with all other packets received (available in
> logs/state tables). Now we can, using state info, figure out which UDP
> packets are part of which UDP application connections and attempt to
> secure the connections in this manner.
Correct. So long as state is maintained and the packet is examined "in
context" with the rest of the session traffic, a relatively secure UDP
connection can be created.
> I'm not terribly familiar w/ this but I hope that some of that is correct,
> someone will correct what's not, and that some of that helps.
Someone's been on this list for a while, eh? ;)
Multiprotocol Network Design & Troubleshooting
Support the anti-spam movement: http://www.cauce.org/
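The state table the reply describes, written out as an added example (not code from anyone in this thread): outbound UDP datagrams are recorded by their address/port 4-tuple, and an inbound datagram is only accepted when it matches a recorded entry with the tuple reversed. The 30-second idle timeout and the sample addresses are assumed values for illustration.

```python
from dataclasses import dataclass

# Assumed idle timeout: an unanswered UDP "session" is forgotten after this many seconds.
UDP_IDLE_TIMEOUT = 30.0


@dataclass(frozen=True)
class UdpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class UdpStateTable:
    """Minimal stateful-inspection table for UDP: tracks outbound 4-tuples
    so that only replies matching an existing entry are allowed inbound."""

    def __init__(self, timeout=UDP_IDLE_TIMEOUT):
        self.timeout = timeout
        self._entries = {}  # (src_ip, src_port, dst_ip, dst_port) -> last-seen time

    def _expire(self, now):
        # Drop entries that have been idle longer than the timeout.
        for key in [k for k, t in self._entries.items() if now - t > self.timeout]:
            del self._entries[key]

    def outbound(self, pkt, now):
        # Every outbound datagram creates or refreshes a session entry.
        self._expire(now)
        self._entries[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now

    def inbound_allowed(self, pkt, now):
        # A reply is only "in context" if its reversed tuple is in the table.
        self._expire(now)
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self._entries:
            self._entries[key] = now  # refresh idle timer on matching reply
            return True
        return False


def demo():
    """Constructed scenario: a DNS query and three candidate replies."""
    table = UdpStateTable()
    table.outbound(UdpPacket("10.0.0.5", 53000, "192.0.2.53", 53), now=0.0)
    good = table.inbound_allowed(UdpPacket("192.0.2.53", 53, "10.0.0.5", 53000), now=1.0)
    # Same client port, but from a server the client never talked to: rejected.
    spoofed = table.inbound_allowed(UdpPacket("198.51.100.9", 53, "10.0.0.5", 53000), now=2.0)
    # Correct peer, but long after the session went idle: rejected.
    stale = table.inbound_allowed(UdpPacket("192.0.2.53", 53, "10.0.0.5", 53000), now=100.0)
    return good, spoofed, stale
```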