Real Stateful TCP Packet Filtering in IP Filter


Presented at the 10th USENIX Security Symposium, 2001, by

IP Filter is an open-source packet-filtering engine available for a number of operating systems, and it includes stateful packet filtering. For TCP, the state engine does not merely check for the ACK flag and match source and destination ports: it also includes sequence numbers and window sizes in its filtering decision. A forged segment that matches the connection's ports and carries an ACK flag is therefore still dropped unless its sequence and acknowledgement numbers fall within the windows the two endpoints have actually advertised, which greatly reduces the window of opportunity for malicious packets to pass through the packet filter. This talk briefly discusses problems with the original state engine, then moves on to the design of the new state engine and some of its implementation consequences, and concludes with experiences with the state code and future work.
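To make the difference between flag-based and sequence/window-based state concrete, the following is an added example written for this page; it is not IP Filter's own code, and the per-direction fields (end, maxend, maxwin), the exact bounds and the constructed trace are simplifying assumptions rather than the paper's algorithm. It tracks a connection through a three-way handshake and some data, then shows a blind RST and a bogus ACK that a flag-only check would pass but the window check rejects, while a genuine retransmission still passes.

```c
/* Simplified TCP sequence-number and window tracking in the spirit of IP Filter's
 * stateful engine.  Added example for this page, not the project's code; the
 * field names and exact bounds are assumptions, not the paper's algorithm. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Sequence-space comparisons that survive 32-bit wraparound (RFC 793 style). */
static int seq_cmp(uint32_t a, uint32_t b) { return (int32_t)(a - b); }
#define SEQ_LE(a, b) (seq_cmp((a), (b)) <= 0)
#define SEQ_GE(a, b) (seq_cmp((a), (b)) >= 0)

struct tcp_dir {               /* what we remember about one sender of a connection */
    bool     seen;             /* has this side sent anything yet? */
    uint32_t end;              /* next sequence number this side will send */
    uint32_t maxend;           /* highest seq it may send: max(peer ack + peer win) */
    uint32_t maxwin;           /* largest window this side has advertised */
};
struct tcp_state { struct tcp_dir dir[2]; };  /* 0 = initiator, 1 = responder */

struct tcp_seg {               /* the 4-tuple is assumed to have matched already */
    int      dir;              /* 0 = initiator->responder, 1 = responder->initiator */
    uint8_t  flags;
    uint32_t seq, ack, win, len;
};

/* Flag/port-only inspection: accept anything on a known flow that carries SYN or ACK. */
bool flags_only_ok(const struct tcp_seg *s)
{
    return (s->flags & (TH_SYN | TH_ACK)) != 0;
}

/* Sequence/window check.  Returns true and updates state only if the segment fits. */
bool tcp_in_window(struct tcp_state *st, const struct tcp_seg *s)
{
    struct tcp_dir *me   = &st->dir[s->dir];
    struct tcp_dir *peer = &st->dir[1 - s->dir];
    uint32_t end   = s->seq + s->len + !!(s->flags & TH_SYN) + !!(s->flags & TH_FIN);
    uint32_t mywin = me->seen ? me->maxwin : s->win;

    /* An ACK may not cover data the peer never sent, nor lag more than our window. */
    if (peer->seen && (s->flags & TH_ACK)) {
        if (!SEQ_LE(s->ack, peer->end)) return false;
        if (!SEQ_GE(s->ack, peer->end - mywin)) return false;
    }
    if (me->seen) {
        /* Data must stay below the peer's advertised limit and may be retransmitted
         * at most one peer window behind what we have already seen from this side. */
        if (!SEQ_LE(end, me->maxend)) return false;
        if (!SEQ_GE(s->seq, me->end - peer->maxwin)) return false;
        if (SEQ_GE(end, me->end)) me->end = end;
        if (s->win > me->maxwin) me->maxwin = s->win;
    } else {
        /* First segment from this side: learn its sequence space.  Until the peer
         * acks something we allow it one peer window of data (assumption). */
        me->seen = true; me->end = end; me->maxwin = s->win ? s->win : 1;
        me->maxend = end + (peer->seen ? peer->maxwin : 0);
    }
    /* The ACK and window tell us how far the peer may now send. */
    if (peer->seen && (s->flags & TH_ACK) && SEQ_GE(s->ack + s->win, peer->maxend))
        peer->maxend = s->ack + s->win;
    return true;
}

/* Constructed trace (not captured traffic): handshake, data both ways, two forged
 * segments that pass a flag-only check, and a legitimate retransmission. */
#define TRACE_LEN 8
static const struct tcp_seg trace[TRACE_LEN] = {
    {0, TH_SYN,          1000,      0,  8192,   0},
    {1, TH_SYN | TH_ACK, 5000,   1001, 16384,   0},
    {0, TH_ACK,          1001,   5001,  8192,   0},
    {0, TH_ACK,          1001,   5001,  8192, 100},
    {1, TH_ACK,          5001,   1101, 16384, 200},
    {1, TH_RST | TH_ACK, 900000, 1101,     0,   0},  /* blind reset, seq far outside window */
    {0, TH_ACK,          1101, 999999,  8192,  50},  /* acks data the responder never sent */
    {0, TH_ACK,          1001,   5201,  8192, 100},  /* retransmission of segment 4 */
};

/* Runs the trace through one of the two checks; fills accepted[] and returns the count. */
int filter_trace(bool stateful, bool accepted[TRACE_LEN])
{
    struct tcp_state st;
    int n = 0;
    memset(&st, 0, sizeof st);
    for (int i = 0; i < TRACE_LEN; i++) {
        accepted[i] = stateful ? tcp_in_window(&st, &trace[i]) : flags_only_ok(&trace[i]);
        n += accepted[i];
    }
    return n;
}

/* Convenience: was segment idx of the trace accepted by the chosen check? */
bool segment_accepted(bool stateful, int idx)
{
    bool acc[TRACE_LEN];
    filter_trace(stateful, acc);
    return idx >= 0 && idx < TRACE_LEN && acc[idx];
}
```

With this trace the flag-only check passes all eight segments, while the window check passes six: the blind RST (segment 6) fails because its sequence number lies far above what the initiator has been told to expect, and the forged ACK (segment 7) fails because it acknowledges data the responder has not sent. The retransmission in segment 8 is still accepted because the lower bound allows a sender to repeat data up to one peer window behind its highest sequence number seen.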