Firewalls: Screening routers and ACK packets

Firewalls
(August 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Screening routers and ACK packets
From:	Andrew Foss <afoss @ translation . com>
Date:	Thu, 31 Aug 1995 12:23:18 -0700
To:	firewalls @ greatcircle . com

Is my understanding correct that a filtering router has to allow any inbound
packets with the ACK bit set in as long as it's to an allowed port #,
regardless of the actual state or existence of a real connection?

Please excuse my ignorance in this matter, but if that's the case are than
any router/filtering packages/combinations that can prevent that? If not,
how great a security concern is it?

thanks in advance,
andrew
Andrew Foss                                         Tel.  415/494-NETS(6387)
Network Translation Inc.                            Dir.  415/855-0725
1901 Embarcadero Rd.                                FAX   415/424-9110
Palo Alto, CA 94303                                 email afoss @
 translation .
 com
                                                    web   www.translation.com

Indexed By Date	Previous:	Re: HannaH from SecureWare Inc. From: gary flynn <gary @ habanero . jmu . edu>
Indexed By Date	Next:	Re: How to config CERN as FTP Proxy From: peter @ nmti . com (Peter da Silva)
Indexed By Thread	Previous:	location of xinetd diffs - listening on selected interfaces From: Neil Todd <toddn @ gb . swissbank . com>
Indexed By Thread	Next:	Re: Screening routers and ACK packets From: "Stephen H. Goldstein" <steveg @ cseic . saic . com>