Packet Filtering

This article explains packets, packet headers, and packet filtering. On what can the decision to allow or disallow a packet be based? What are the weaknesses and advantages of packet filtering? After you read, you should be able to describe packets and packet headers.

2. Packet filtering


All network traffic is sent in the form of packets. Large amounts of traffic are split up into small packets for easy handling and then reassembled when they arrive at their destination. Every packet carries, in its packet header, information on how and where it should be delivered, and this information is exactly what a packet filtering firewall uses. Filtering is based on:

  • Allow or disallow packets based on source/destination IP address.
  • Allow or disallow packets based on source/destination port.
  • Allow or disallow packets based on protocol.
  • Allow or disallow packets based on flags within a specific protocol.

In other words, this filtering is based on the data within the header of a packet, not on its content (payload).


Weaknesses:

  • Address information in a packet can potentially be a bogus IP address (spoofed by the sender).
  • Data or requests within the allowed packet may contain unwanted data that the attacker can use to exploit known bugs in the services on or behind the firewall.
  • Usually a single point of failure.
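An added example (not code from the original article) of what header-based filtering means in practice: it parses only the fields listed above from a raw IPv4/TCP packet, applies a first-match rule table, and shows the two weaknesses just described: a source address claiming to be internal can only be rejected by policy (anti-spoofing rule), and an allowed header passes whatever payload it carries. The 10.0.0.0/8 internal range, the rule table and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct

SYN, ACK = 0x02, 0x10                          # TCP flag bits this filter inspects
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # hypothetical internal range (assumption)


def parse_headers(pkt: bytes) -> dict:
    """Pull out only what a packet filter looks at: IPv4 addresses, protocol, ports, TCP flags."""
    ihl = (pkt[0] & 0x0F) * 4                   # IPv4 header length in bytes
    proto = pkt[9]
    hdr = {"src": ipaddress.IPv4Address(pkt[12:16]), "dst": ipaddress.IPv4Address(pkt[16:20]),
           "proto": proto, "sport": None, "dport": None, "flags": 0}
    if proto in (6, 17):                        # TCP/UDP: ports are the first 4 bytes after the IP header
        hdr["sport"], hdr["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if proto == 6:
        hdr["flags"] = pkt[ihl + 13]            # TCP flags byte
    return hdr


# Rule table for traffic arriving on the external interface; first match wins.
RULES = [
    ("DROP",   lambda h: h["src"] in INTERNAL),                       # anti-spoofing: internal source from outside
    ("ACCEPT", lambda h: h["proto"] == 6 and h["dport"] == 22
                         and h["flags"] & SYN and not h["flags"] & ACK),  # new SSH connections only
    ("ACCEPT", lambda h: h["proto"] == 6 and h["flags"] & ACK),       # packets belonging to existing connections
    ("DROP",   lambda h: True),                                       # default deny
]


def filter_packet(pkt: bytes) -> str:
    h = parse_headers(pkt)
    return next(action for action, match in RULES if match(h))


def build_tcp_packet(src, dst, sport, dport, flags, payload=b"") -> bytes:
    """Constructed IPv4+TCP packet for testing; checksums left at 0 because the filter ignores them."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


if __name__ == "__main__":
    samples = {"ssh_syn":   build_tcp_packet("203.0.113.5", "192.0.2.10", 40000, 22, SYN),
               "web_syn":   build_tcp_packet("203.0.113.5", "192.0.2.10", 40001, 80, SYN),
               "spoofed":   build_tcp_packet("10.1.2.3", "192.0.2.10", 40002, 22, SYN),
               # same allowed header plus an arbitrary payload: the filter never looks at content
               "with_data": build_tcp_packet("203.0.113.5", "192.0.2.10", 40000, 22, SYN, b"x" * 64)}
    for name, p in samples.items():
        print(name, filter_packet(p))
```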


Advantages:

  • Simple and easy to implement.
  • Can give warnings of a possible attack before it happens (e.g. by detecting port scans).
  • Good for stopping SYN attacks.


Examples of free packet filters on Linux:

Warning: It is highly recommended that you use Iptables. Ipchains is obsolete.