Author Topic: Trying to understand about firewalls, have some confusions.  (Read 1241 times)


Offline shivajikobardan (Topic starter)

  • Contributor
  • Posts: 23
  • Country: np
Trying to understand about firewalls, have some confusions.
« on: December 03, 2021, 01:24:52 pm »
I am an ECE student studying computer networks. And I have now stumbled upon a topic called firewalls in network security, which I believe is really tough to understand.

The slides used by me here are these 2-:

https://drive.google.com/file/d/1kT-XX1UZCkTiNiFe5FLQMawg7Pb8ac7O/view?usp=sharing

https://slidetodoc.com/fundamentals-of-firewalls-based-on-slides-accompanying-the/

I will list my confusions one by one-:


1) They say stateless packet filter firewall doesn't compare packets. What do we get by comparing packets?

2) They say stateless packet filter is susceptible to SYN and Ping flood attacks, why so?
Can you give one example of how attack could be done to this stateless firewall and why?

3) Being aware of context of packets makes them less susceptible to flood attacks. Why?

4) I don't understand this example of stateful firewall. How is this a stateful firewall? "Connections are only allowed through ports that hold open connections".

5) How is this an application gateway example? "Allow select internal users to telnet outside.

a) Require all telnet users to telnet through gateway.

b) For authorized users, gateway sets up telnet connection to destination host. Gateway relays data between 2 connections.

c) Router filter blocks all telnet connections not originating from gateway."

I understand really nothing of what these all mean. Can you help me understand this?


What I already know?

Stateless packet filtering firewall works by examining packet's source address, destination address, source port, destination port, protocol type, ACK, SYN flag.

It looks at only packets headers, not payloads.

Doesn't maintain state about packets.

Doesn't pay attention if packet is a part of existing traffic. (I am a bit confused about this).

Stateful packet filtering-:

It can look at contents of packet.

application gateway-:

 
A program that runs on a firewall. ??? What do we mean by a program that runs on a firewall? How is that a firewall if it runs on a firewall? I am unsure about it... I can't visualize what's going on here tbh...

This filters packets on application data (what application data?) as well as IP/TCP/UDP fields.

 

Offline avogadro

  • Contributor
  • Posts: 34
  • Country: hr
Re: Trying to understand about firewalls, have some confusions.
« Reply #1 on: December 03, 2021, 01:47:04 pm »
I think you're at the wrong forum. Try Stack Exchange or some subreddit.
 

Offline Siwastaja

  • Super Contributor
  • ***
  • Posts: 8172
  • Country: fi
Re: Trying to understand about firewalls, have some confusions.
« Reply #2 on: December 04, 2021, 10:29:39 am »
You are confused about what "state" means. It basically means memory, acting based on something that happened earlier. This has nothing to do with whether we are looking at the payload or not. Stateless acts upon some rules on a packet-per-packet basis, stateful can use more complex rules including what happened earlier; for example, let one PING through, but stop letting PINGs through if too many happened in too short a time. Such "memory" is essentially what "state" means.

I agree this isn't the best forum for this, but you can try the networking subforum if you like it here:
https://www.eevblog.com/forum/networking/
 

Offline Electro Fan

  • Super Contributor
  • ***
  • Posts: 3199
Re: Trying to understand about firewalls, have some confusions.
« Reply #3 on: December 04, 2021, 11:04:20 am »
The OP is asking good questions.  Whether the thread continues here or moves over to https://www.eevblog.com/forum/networking/ it’s definitely worthy of more good Q&A.  shivajikobardan, keep going with your questions.
 

Offline m k

  • Super Contributor
  • ***
  • Posts: 2006
  • Country: fi
Re: Trying to understand about firewalls, have some confusions.
« Reply #4 on: December 04, 2021, 01:04:26 pm »
1. More information, should the packet go through or not.
2. Firewall is not the first in line, before it is regular Ethernet stuff.
3. The apparatus is more aware of the whole situation of communication.
4. What Siwastaja said.
5. Firewall was from out to in, now it's whatever, router and gateway are part of it.
a. No direct access, all through gateway, it has a packet sniffer, it can block ports.
b. Connection is client -> gateway -> host, host doesn't "know" client, only gateway.
c. Established connection is not bidirectional, host can't order TAKE, client can order GIVE.

Draw yourself a picture.
Include client, server and their connections.
Client is the one that is establishing the connection, not something physical.
Let it be an example where your computer is establishing a connection to eevblog server.
Include firewall at both ends and put internet as a cloud in the middle.
How many logical connections do you get?
Advance-Aneng-Appa-AVO-Beckman-Data Tech-Fluke-General Radio-H. W. Sullivan-Heathkit-HP-Kaise-Kyoritsu-Leeds & Northrup-Mastech-REO-Simpson-Sinclair-Tektronix-Tokyo Rikosha-Triplett-YFE
(plus lesser brands from the work shop of the world)
 

Online Algoma

  • Frequent Contributor
  • **
  • Posts: 291
  • Country: ca
Re: Trying to understand about firewalls, have some confusions.
« Reply #5 on: December 05, 2021, 04:46:23 am »
A firewall is simply a device on your network, typically at the edge where different groups of devices communicate. Its job is to simply keep track of who is communicating, what state that communication is in, and if it's allowed.

A firewall is typically an additional function of a gateway router. It's one of many steps the device checks to determine where a message packet is headed and if it's allowed to go there.  A stateful firewall is checking if there is a valid communication already established between two parties. If it detects something out of state, like a hacker trying to replay packets out of order, it will drop the communication session.

A firewall is simply a set of rules in a network device to check each message against, to determine if the message should be allowed or deleted.

A gateway router, at the edge of your network, can have many useful functions beyond simply being a firewall. It can do many other useful tasks as well, depending on its ability to keep track of everything going through it. Overall it's a security checkpoint, the front entrance of your network, with many ports. Each can have its own rules of who is allowed in or out, where they can go, how long, and even go so far as to recognize suspicious activity, then terminate and block further communication.

Routers can also keep track of multiple routes into and out of a network (Routes), translate addresses to help messages get where they need to be (NAT), and then make sure they're allowed (Firewall). Then monitor that everything is okay (stateful) and watch for unwanted visitors (Intrusion prevention). Then there is yet more that it can do.
« Last Edit: December 05, 2021, 05:06:54 am by Algoma »
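
An added illustration, not written by any poster in this thread: a toy Python model of the "memory" described in replies #2 and #5, run over the same traffic through a stateless rule set and a stateful one. The addresses, the rule "inbound TCP passes if ACK is set", and the limit of 3 pings per second are assumptions chosen for the example.

```python
from collections import deque, namedtuple

Pkt = namedtuple("Pkt", "t src sport dst dport proto flags")
INSIDE = "10.0.0.5"  # constructed internal host address

def stateless_allow(p):
    """Judge each packet alone: inbound TCP passes if ACK is set, every ping passes."""
    if p.src == INSIDE:
        return True                      # all outbound traffic allowed
    if p.proto == "icmp":
        return True                      # no memory, so no way to count pings
    return p.proto == "tcp" and "A" in p.flags

class StatefulFilter:
    """Remembers outbound connections and recent pings (the 'state')."""
    def __init__(self, ping_limit=3, window=1.0):
        self.conns = set()               # connections opened from inside
        self.pings = deque()             # timestamps of recently allowed pings
        self.ping_limit, self.window = ping_limit, window

    def allow(self, p):
        if p.src == INSIDE:
            if p.proto == "tcp" and p.flags == "S":
                self.conns.add((p.src, p.sport, p.dst, p.dport))
            return True
        if p.proto == "icmp":
            while self.pings and p.t - self.pings[0] > self.window:
                self.pings.popleft()     # forget pings outside the window
            if len(self.pings) >= self.ping_limit:
                return False             # too many pings in too short a time
            self.pings.append(p.t)
            return True
        # inbound TCP must be the reverse of a remembered outbound connection
        return (p.dst, p.dport, p.src, p.sport) in self.conns

# Constructed sample traffic (documentation-range addresses)
TRAFFIC = [
    Pkt(0.0, INSIDE, 40000, "203.0.113.9", 80, "tcp", "S"),    # inside opens connection
    Pkt(0.1, "203.0.113.9", 80, INSIDE, 40000, "tcp", "SA"),   # genuine reply
    Pkt(0.2, "198.51.100.7", 80, INSIDE, 40001, "tcp", "A"),   # ACK with no connection
] + [Pkt(0.3 + i * 0.01, "198.51.100.7", 0, INSIDE, 0, "icmp", "") for i in range(5)]

def run():
    """Return (stateless verdict, stateful verdict) for every packet in TRAFFIC."""
    sf = StatefulFilter()
    return [(stateless_allow(p), sf.allow(p)) for p in TRAFFIC]

if __name__ == "__main__":
    for p, verdict in zip(TRAFFIC, run()):
        print(p, verdict)
```

The stateless rules pass every packet in the sample, while the stateful filter drops the ACK that belongs to no remembered connection and the pings beyond the limit.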
 

