2006-08-13
northlandboy
Re: TCP packet out of state

Oh, and I meant to add that allowing out of state TCP packets is a massive security risk. If you're going to do that, why bother with using Check Point at all? Just install a Cisco router with basic access lists, and save yourself the license fee.

Think carefully through the implications of allowing out of state traffic - you've now disabled Check Point's vaunted "Stateful Inspection". What would happen if I was to send 25,000 ACKs through your firewall? It would allow them, and add them to your connection tables, filling them up.

I could also use it for port scanning pretty trivially.
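The table-filling effect described in the post above, as an added example that is not part of the original post and is not Check Point's implementation: a toy connection table run once with strict state checking and once with out-of-state packets allowed. The `ConnTable` class, the 25,000-entry limit and the packet tuples (RFC 5737 documentation addresses) are assumptions constructed for illustration.

```python
# Toy model of a stateful firewall's TCP connection table (added example).
# Not vendor code: class name, table limit and packets are constructed.
from dataclasses import dataclass, field

SYN, ACK = 0x02, 0x10  # TCP flag bits


@dataclass
class ConnTable:
    allow_out_of_state: bool
    limit: int = 25000                 # hypothetical table capacity
    entries: dict = field(default_factory=dict)
    dropped: int = 0                   # packets rejected as out of state

    def process(self, pkt):
        """Return True if the packet would be forwarded."""
        src, sport, dst, dport, flags = pkt
        key = (src, sport, dst, dport)
        if key in self.entries:        # belongs to a tracked connection
            return True
        is_new_syn = bool(flags & SYN) and not (flags & ACK)
        if not is_new_syn and not self.allow_out_of_state:
            self.dropped += 1          # strict mode: no SYN seen, so drop
            return False
        if len(self.entries) >= self.limit:
            return False               # table full: nothing new is tracked
        self.entries[key] = "SYN_SEEN" if is_new_syn else "ASSUMED_ESTABLISHED"
        return True


def simulate(allow_out_of_state, n_acks=25000):
    """Feed unsolicited ACKs, then one legitimate SYN; report the outcome."""
    fw = ConnTable(allow_out_of_state)
    for i in range(n_acks):
        # Constructed ACKs with no preceding handshake, one per source port.
        fw.process(("198.51.100.7", 1024 + i, "192.0.2.10", 80, ACK))
    legit_ok = fw.process(("203.0.113.5", 40000, "192.0.2.10", 80, SYN))
    return len(fw.entries), fw.dropped, legit_ok


if __name__ == "__main__":
    for mode in (False, True):
        size, dropped, legit_ok = simulate(mode)
        print(f"allow_out_of_state={mode}: table={size} "
              f"dropped={dropped} legitimate_SYN_accepted={legit_ok}")
```

With strict checking the table holds only the legitimate connection; with out-of-state packets allowed, the table is already full when the legitimate SYN arrives.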