tailieunhanh - Packet Filtering

A border router configured to pass or reject packets based on information in the header of each individual packet can theoretically be configured to pass/reject based on any field but usually done based on: protocol type IP addres TCP/UDP port Fragment number Source routing information | Packet Filtering CS-480b Dick Steflik Stateless Packet Filters A border router configured to pass or reject packets based on information in the header of each individual packet can theoretically be configured to pass/reject based on any field but usually done based on: protocol type IP address TCP/UDP port Fragment number Source routing information Protocol Filtering Filtering based on the IP protocol field allows rejecting of entire protocol suites UDP TCP ICMP IGMP This is almost too general ex suppose you block UDP then any TCP based application won’t be able to convert host/domain to IP address so it is seldom used. IP Address Filtering Pass/reject packets based on membership in a set of acceptable IP addresses Usually not used to block specific hosts oscar is frequently blocked so corporate users can use AIM same for some disk backup services Usually block source routed packets big security hole (explained later) If a hacker knows an address that the filter will pass they can . | Packet Filtering CS-480b Dick Steflik Stateless Packet Filters A border router configured to pass or reject packets based on information in the header of each individual packet can theoretically be configured to pass/reject based on any field but usually done based on: protocol type IP address TCP/UDP port Fragment number Source routing information Protocol Filtering Filtering based on the IP protocol field allows rejecting of entire protocol suites UDP TCP ICMP IGMP This is almost too general ex suppose you block UDP then any TCP based application won’t be able to convert host/domain to IP address so it is seldom used. IP Address Filtering Pass/reject packets based on membership in a set of acceptable IP addresses Usually not used to block specific hosts oscar is frequently blocked so corporate users can use AIM same for some disk backup services Usually block source routed packets big security hole (explained later) If a hacker knows an address that the filter will pass they can easily forge a packet that will pass through the filter Port Filtering Most commonly used filtering method can also be thought of as protocol filtering as most ports below 1024 relate to specific high level protocols pass all but those specified reject all but those specified Important ports/protocol to block: telent NetBIOS POP NFS X Windows Windows Terminal Services pcAnywhere and VNC Source Route Filtering Source routed packed should never be allowed into your network Source routing was added to IP to accommodate debugging Allows you to specify the path a packet will take through your network Strict Source Routing Specifies the exact path to be taken Loose Source Routing Indicates one or more hosts the packet must go through A hacker can plug in their own address and force packets to travel through a machine that they can sniff Loose Source Routing A packet is given a list of hops to be taken Each packet carries same source address, destination is whatever the next IP in the hop path .