Re: [FW1] DoS question
If in a rule you allow A to speak with B, then it will automatically accept all answers from B, but only if it is an answer, not a beginning request.
Alain
>>> <Alan.Trevillion@bankofamerica.com> 09/07/99 12:33pm >>>
I just wanted to clarify a few facts on how Firewall 3.0b, patch 3064 deals with
state connection tables.
I have just read Lance's excellent white paper on how it works, but just need to
be sure on a few things.
Am I right in saying that if you send an ACK to or through the Firewall, it
checks that state connection table first and if it is NOT there, it then checks
the rulebase, then if allowed it adds the packet to its table?
If so, does it check the reverse order of the rule?
i.e. If you have a rule where A can talk to B, if you send an ACK from B to A
will it accept it and add it to its table with the default TCP time-out?
Thanks in advance
Alan Trevillion
Bank of America
Internet LAN/WAN Group
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
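The lookup order discussed in this thread, as a toy model added here as an example; it is not Check Point code and not from either poster. The class and function names, the TCP_TIMEOUT value and the require_syn switch (a stricter variant shown for comparison, not something the thread attributes to the product) are assumptions.

```python
from dataclasses import dataclass, field

TCP_TIMEOUT = 3600  # assumed placeholder for "the default TCP time-out", in seconds

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # e.g. frozenset({"ACK"})

@dataclass
class Firewall:
    rules: set                                 # {(src, dst, dport)} allowed initiations
    require_syn: bool = False                  # hypothetical: only a SYN may create state
    table: dict = field(default_factory=dict)  # connection key -> expiry time

    @staticmethod
    def _key(p):
        # Direction-independent key, so an answer maps to the entry of its request.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def handle(self, p, now=0):
        key = self._key(p)
        expiry = self.table.get(key)
        if expiry is not None and expiry > now:
            self.table[key] = now + TCP_TIMEOUT  # refresh the entry
            return "accept (state table)"
        # Not in the table: the rulebase is matched in the packet's own direction only.
        if (p.src, p.dst, p.dport) not in self.rules:
            return "drop (no rule)"
        if self.require_syn and p.flags != frozenset({"SYN"}):
            return "drop (not a SYN)"
        self.table[key] = now + TCP_TIMEOUT
        return "accept (rulebase)"

def demo(require_syn=False):
    # Constructed sample traffic for a single rule "A may talk to B on port 80".
    fw = Firewall(rules={("A", "B", 80)}, require_syn=require_syn)
    ack = frozenset({"ACK"})
    return [
        fw.handle(Packet("B", "A", 80, 40000, ack)),  # ACK from B to A, no prior request
        fw.handle(Packet("A", "B", 40000, 80, ack)),  # bare ACK in the rule's direction
        fw.handle(Packet("B", "A", 80, 40000, ack)),  # same ACK from B, now an answer
    ]
```
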