
Michael Noel

"Microsoft ISA Server 2006 Unleashed"

These types of packet-filter firewall technologies were useful in blocking specific
types of network traffic, such as traffic exploiting vulnerabilities that utilize the RPC
protocol, by simply blocking the negotiation ports or other high ports that RPC uses.
Other ports, on the other hand, were often left wide open to support certain functionality,
such as TCP port 80, used for HTTP web browsing. As previously mentioned, a packet-filter
firewall is able to inspect only the header of a packet: it understands which port the data
is meant to use, but it cannot actually read the content. A good analogy would be a border
guard who is instructed to allow only citizens with specific passports to enter the
country, but who has no way of inspecting their luggage for contraband or illegal substances.
The problem that is becoming more evident, however, is that viruses, exploits, and
attacks have adapted to this new landscape: they can conceal the true malicious nature
of their payload within the identity of an allowed port. For example, they can piggy-back
their destructive payload over a "known good" port that is open on a packet-filter firewall.
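
The gap described above, as an added example that is not from the book or from ISA Server: a header-only filter and an application-layer check run over the same constructed packets. The rule set, the `Packet` type, the sample payloads and the assumption that each payload is the start of a connection's data are all illustrative.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str
    dst_port: int
    payload: bytes  # assumed to be the first bytes of the connection's data

# Constructed rule set: first match wins, anything unmatched is denied.
RULES = [
    ("deny", "tcp", 135),   # RPC endpoint mapper
    ("allow", "tcp", 80),   # HTTP left open for web browsing
]

def packet_filter(pkt: Packet) -> str:
    """Header-only decision: looks at protocol and destination port, never the payload."""
    for action, proto, port in RULES:
        if pkt.proto == proto and pkt.dst_port == port:
            return action
    return "deny"

# Minimal content check: data on port 80 must begin with an HTTP/1.x request line.
REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

def app_layer_filter(pkt: Packet) -> str:
    """Applies the same header rules, then reads the content on the allowed port."""
    if packet_filter(pkt) == "deny":
        return "deny"
    if pkt.dst_port == 80 and not REQUEST_LINE.match(pkt.payload):
        return "deny"
    return "allow"

# Constructed sample packets.
SAMPLES = {
    "web": Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "rpc": Packet("tcp", 135, b"\x00\x01constructed-rpc-bytes"),
    "non_http": Packet("tcp", 80, b"\x00\x01constructed-binary-not-http"),
}

def compare() -> dict:
    """Return (packet-filter verdict, application-layer verdict) for each sample."""
    return {name: (packet_filter(p), app_layer_filter(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (hdr, app) in compare().items():
        print(f"{name:9} packet-filter={hdr:5} app-layer={app}")
```

The `non_http` packet is the case the paragraph describes: the header-only filter allows it because the port is open, and only the content check rejects it.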

