Packet Filtering (REDES 418)

Packet Filtering
COMP 423
Packets
• To understand how firewalls work, you must first
understand packets. Packets are discrete blocks
of data, and are the basic unit of data handled by
a network. A packet is also called a datagram.
• Each packet consists of two parts: the header and
the data.
• The header contains information that is normally
only read by computers, such as where the
packet is coming from and its destination.
• The data is the part that end users actually see
(the body of an e-mail message or a web page).
Packet Filter
• Hardware or software that is designed to block
or allow transmission of packets of information
based on criteria such as port, IP address, and
protocol.
• Provides a basis for understanding TCP/IP
network communications.
• Acts like a ticket-taker in a multiplex movie
theatre (admit only those with valid tickets – that
is, tickets for a particular film, on a particular day,
at a particular time)
Packet-Filtering Devices
• Routers: these are probably the most common
packet filters
• Operating systems: some operating systems, such
as Windows and Linux, have built-in utilities that can
filter packets on the TCP/IP stack of the server
software. Linux has a kernel-level packet filter
called iptables; Windows has TCP/IP
Filtering.
Packet-Filtering Devices
• Software firewalls:
– Enterprise-level
• Check Point FireWall-1
– Personal firewalls
• ZoneAlarm
• Sygate Personal Firewall
Anatomy of a Packet
Packet-Filtering Rules
• Drop all inbound connections; allow only outbound
connections on Ports 80 (HTTP), 25 (SMTP), and 21
(FTP).
• Eliminate packets bound for all ports that should not
be available to the Internet, such as NetBIOS, but allow
Internet-related traffic, such as SMTP, to pass.
– NetBIOS, short for Network Basic Input Output System, is an
API that augments the DOS BIOS by adding special
functions for local-area networks (LANs).
• API, an abbreviation of application program interface, is a set of
routines, protocols, and tools for building software applications.
Packet-Filtering Rules
• Filter out any ICMP redirect or echo (ping)
messages, which may be used by attackers
attempting to locate open ports or host IP
addresses. ICMP is the Internet Control Management
Protocol, used to transmit diagnostic information
about IP transmission.
• Drop all packets that use the IP header source
routing feature.
– In IP source routing, the originator of a packet can
attempt to partially or completely control the path
through the network to the destination.
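
The rules above applied to raw IPv4 header bytes, as an added example that is not from the original slides. It assumes a stateless, default-deny filter (so NetBIOS ports 137-139 are dropped simply because they are not on the allow-list) and lets ICMP types other than redirect and echo request through; `decide`, `has_source_route`, `ipv4` and `tcp` are names chosen here, and the sample packets are constructed.

```python
import struct

ALLOWED_TCP = {80, 25, 21}       # HTTP, SMTP, FTP: the ports named on the slide
SOURCE_ROUTE = {131, 137}        # IPv4 option types for loose and strict source routing
BLOCKED_ICMP = {5, 8}            # ICMP redirect and echo request (ping)
SYN, ACK = 0x02, 0x10            # TCP flag bits

def has_source_route(opts):
    """Walk the IPv4 options area; True for a source-route option or malformed options."""
    i = 0
    while i < len(opts) and opts[i] != 0:          # 0 = End of Option List
        if opts[i] == 1:                           # 1 = No-Operation (single byte)
            i += 1
        elif opts[i] in SOURCE_ROUTE or i + 1 >= len(opts) or opts[i + 1] < 2:
            return True                            # source route found, or fail closed
        else:
            i += opts[i + 1]                       # skip by the option's length byte
    return False

def decide(pkt, direction):
    """Return 'ALLOW' or 'DROP' for raw IPv4 bytes; direction is 'in' or 'out'."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0        # header length in bytes
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or not 20 <= ihl <= len(pkt):
        return "DROP"                              # not a well-formed IPv4 header
    if has_source_route(pkt[20:ihl]):
        return "DROP"
    proto, body = pkt[9], pkt[ihl:]
    if proto == 1:                                 # ICMP: the type is the first byte
        return "DROP" if not body or body[0] in BLOCKED_ICMP else "ALLOW"
    if proto != 6 or len(body) < 14:
        return "DROP"                              # default deny for everything but TCP
    sport, dport = struct.unpack("!HH", body[:4])
    if direction == "out":
        return "ALLOW" if dport in ALLOWED_TCP else "DROP"
    # Inbound: a bare SYN opens a new connection; only replies from allowed ports pass.
    return "ALLOW" if body[13] & ACK and sport in ALLOWED_TCP else "DROP"

def ipv4(proto, body, opts=b""):
    """Constructed sample packet; checksum is left at zero because decide() ignores it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(opts)) // 4, 0,
                      20 + len(opts) + len(body), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + opts + body

def tcp(sport, dport, flags):
    """Constructed 20-byte TCP header with the given ports and flag bits."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
```

Because the filter keeps no connection state, the inbound rule approximates "replies only" by requiring the ACK flag and an allowed source port.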
Bibliography
• Taken from: “Guide to Firewalls and Network
Security: with intrusion detection and VPNs”
2nd edition. Whitman, Mattord, Austin,
Holden.