I am an ECE student studying computer networks. I have now stumbled upon a topic called firewalls in network security, which I believe is really tough to understand.
The slides I am using here are these two:
I will list my confusions one by one:
1) They say a stateless packet filter firewall doesn't compare packets. What do we get by comparing packets?
2) They say a stateless packet filter is susceptible to SYN and ping flood attacks. Why so?
Can you give one example of how an attack could be carried out against this stateless firewall, and why?
3) Being aware of the context of packets makes them less susceptible to flood attacks. Why?
4) I don't understand this example of a stateful firewall. How is this a stateful firewall? "Connections are only allowed through ports that hold open connections."
5) How is this an application gateway example? "Allow select internal users to telnet outside.
a) Require all telnet users to telnet through the gateway.
b) For authorized users, the gateway sets up a telnet connection to the destination host. The gateway relays data between the 2 connections.
c) The router filter blocks all telnet connections not originating from the gateway." I really understand nothing of what all these mean. Can you help me understand this?
What I already know:
A stateless packet filtering firewall works by examining a packet's source address, destination address, source port, destination port, protocol type, and ACK and SYN flags.
It looks only at packet headers, not payloads.
It doesn't maintain state about packets.
It doesn't pay attention to whether a packet is part of existing traffic. (I am a bit confused about this.)
Stateful packet filtering:
It can look at the contents of packets.
Application gateway:
A program that runs on a firewall. ??? What do we mean by a program that runs on a firewall? How is it a firewall if it runs on a firewall? I am unsure about it... I can't visualize what's going on here, tbh...
This filters packets on application data (what application data?) as well as IP/TCP/UDP fields.
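An added example, not part of the original post or of the slides it refers to: a toy Python simulation of a stateless packet filter next to a stateful one, with the telnet gateway rule from point 5 folded into both. It shows concretely what "remembering connections" buys you: a forged inbound packet with the ACK bit set slips through the stateless filter because it matches the "looks like a reply" rule, while the stateful firewall drops it because no inside host ever opened that connection; likewise the stateful firewall can count unfinished handshakes per source and throttle a SYN flood, which the stateless filter has no way to notice. All addresses, ports, the `GATEWAY` address and the `PUBLISHED` server entry are made-up assumptions for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str          # "in": Internet -> our network, "out": our network -> Internet
    syn: bool = False
    ack: bool = False


GATEWAY = "10.0.0.2"                 # assumed address of the telnet application gateway
PUBLISHED = {("10.0.0.5", 80)}       # assumed inside web server that outsiders may connect to


def common_policy(p):
    """Header-only rules shared by both firewalls.
    Returns True/False for a firm decision, or None when the rules alone cannot decide."""
    if p.direction == "out":
        # Router filter from the slides: telnet may leave only from the gateway.
        if p.dport == 23 and p.src != GATEWAY:
            return False
        return True
    if p.syn and not p.ack:
        # Unsolicited inbound SYN: allowed only toward a published service.
        return (p.dst, p.dport) in PUBLISHED
    return None


def stateless_filter(p):
    """Stateless packet filter: no memory of earlier packets at all."""
    decision = common_policy(p)
    if decision is not None:
        return decision
    # Any inbound packet with ACK set is assumed to be a reply to something we sent.
    return p.ack


class StatefulFirewall:
    """Stateful firewall: remembers which connections exist and admits packets
    only when they belong to one, and caps unfinished handshakes per source."""

    def __init__(self, max_half_open=3):
        self.established = set()   # (src, sport, dst, dport) of inbound packets we expect
        self.pending = set()       # inbound SYNs to published services awaiting the final ACK
        self.half_open = {}        # external source address -> number of pending handshakes
        self.max_half_open = max_half_open

    def allow(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.direction == "out":
            if common_policy(p) is False:
                return False
            if p.syn and not p.ack:
                # An inside host opened a connection: expect replies on the reverse 4-tuple.
                self.established.add((p.dst, p.dport, p.src, p.sport))
            return True
        if key in self.established:
            return True
        if p.syn and not p.ack:
            if common_policy(p) is False:
                return False
            n = self.half_open.get(p.src, 0) + 1
            if n > self.max_half_open:
                return False       # SYN flood symptom: too many unfinished handshakes
            self.half_open[p.src] = n
            self.pending.add(key)
            return True
        if p.ack and key in self.pending:
            self.pending.discard(key)      # third handshake packet: connection is now real
            self.half_open[p.src] -= 1
            self.established.add(key)
            return True
        return False                       # ACK with no matching connection: forged "reply"


def demo():
    """Runs the four scenarios and returns (stateless, stateful) outcomes for each."""
    sl, sf = stateless_filter, StatefulFirewall(max_half_open=3)
    results = {}
    # 1. A forged "reply": ACK set, but no inside host ever opened this connection.
    forged = Packet("203.0.113.9", 443, "10.0.0.7", 4444, "in", ack=True)
    results["forged_ack"] = (sl(forged), sf.allow(forged))
    # 2. A genuine connection opened from inside, followed by the server's SYN/ACK.
    out = Packet("10.0.0.7", 50000, "198.51.100.9", 443, "out", syn=True)
    reply = Packet("198.51.100.9", 443, "10.0.0.7", 50000, "in", syn=True, ack=True)
    results["real_reply"] = (sl(out) and sl(reply), sf.allow(out) and sf.allow(reply))
    # 3. SYN flood: ten handshakes started from one source and never completed.
    flood = [Packet("203.0.113.9", 40000 + i, "10.0.0.5", 80, "in", syn=True) for i in range(10)]
    results["flood_passed"] = (sum(sl(p) for p in flood), sum(sf.allow(p) for p in flood))
    # 4. Telnet policy: an ordinary inside user vs the application gateway.
    user_telnet = Packet("10.0.0.7", 51000, "198.51.100.20", 23, "out", syn=True)
    gw_telnet = Packet(GATEWAY, 51000, "198.51.100.20", 23, "out", syn=True)
    results["telnet"] = ((sl(user_telnet), sl(gw_telnet)), (sf.allow(user_telnet), sf.allow(gw_telnet)))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:13} stateless={stateless} stateful={stateful}")
```

Reading the scenarios against the question: the forged ACK is the "why compare packets" point (the stateless filter judges each packet on its own header, so a packet that merely claims to be a reply is indistinguishable from a real one); the flood scenario is why state helps against SYN floods (only a firewall that remembers handshakes can tell that a source has many of them unfinished); and the telnet scenario is the router-filter half of the application-gateway design, where the gateway is simply a host that is the only one allowed to telnet out, and that relays the session on behalf of users it has authenticated.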