What is the difference between a Dynamic (or stateful) packet filter and a Circuit level gateway? Both monitor TCP handshaking between packets to determine whether a requested session is legitimate or not.
- You ask a lot of questions here that could be answered with a single lookup on wikipedia. What research are you doing on all your questions? – schroeder Jul 19 '17 at 15:25
- I had a look at Wikipedia (https://en.wikipedia.org/wiki/Circuit-level_gateway) before posting my question, which seems to me legitimate. The definition given in Wikipedia states clearly "Circuit-level gateways monitor TCP handshaking between packets to determine whether a requested session is legitimate". This sounds to me very similar to what a stateful packet filter does, don't you think so? Otherwise I am doing research on today's end-to-end security protocols and the pros and cons of each. – sasuke_X220 Jul 19 '17 at 15:50
1 Answer
What you describe is true only for the packet filter. Circuit-level gateways are more like a "Level-5 proxy" than a simple packet filter firewall.
In fact, when a client attempts to connect to a remote host through a circuit level gateway, the client does not execute its TCP handshake with the remote host. Instead, the circuit-level gateway intercepts the handshake and answers in place of the remote host.
Once the TCP handshake between the client and the circuit-level gateway has been fulfilled and the circuit-level gateway considers that this connection can be allowed, the circuit-level gateway initiates a second TCP handshake, this time between itself and the remote host. The remote host will therefore see the circuit-level gateway as the IP source instead of the actual client.
Once this second handshake has been fulfilled, the circuit-level gateway is in a position to transparently relay the data between the client and the remote server.
With a packet-filter firewall, there is only one TCP handshake occurring directly between the client and the remote host.
- @sasuke_X220 The handshakes are completely independent: each one has its own sequence numbers, negotiated parameters, etc. TCP packets from the client are not forwarded to the server; instead the gateway extracts the data from the TCP packets it receives on one side and builds the corresponding TCP packet with the same data to be sent on the other side. Think of it more like an HTTP proxy applied to TCP than a standard firewall. UDP datagrams, when handled, are just forwarded (like they would be in a NAT firewall) as there is no concept of session here. – WhiteWinterWolf Jul 19 '17 at 16:14
- Thank you, you just read my mind. I was wondering if the gateway would pick a new sequence number or would it use the same one sent by the internal/remote host. – sasuke_X220 Jul 19 '17 at 16:18
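As an added example, not code from the answer or from any firewall product, the two independent handshakes and the payload relay described in the answer and in WhiteWinterWolf's comment, written as a minimal circuit-level relay on loopback. The policy (a set of permitted destinations) and the echo server standing in for the remote host are assumptions constructed for the demo; the kernel performs both handshakes, and the relay only ever copies payload bytes between the two sockets.

```python
import socket
import threading
from contextlib import suppress

# Constructed demo of a circuit-level relay (not a product's code): handshake 1
# ends at the gateway; handshake 2 to the remote host happens only if policy allows.

def pump(src, dst):
    """Copy payload bytes src -> dst until src closes, then half-close dst."""
    with suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)  # new segments with the gateway's own sequence numbers
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def serve_one(gateway, remote, allowed, info):
    """Accept one client, apply policy, then bridge it to `remote` if permitted."""
    client, _ = gateway.accept()                  # handshake 1: client <-> gateway
    if remote not in allowed:
        client.close()                            # refused: handshake 2 never happens
        return False
    upstream = socket.create_connection(remote)   # handshake 2: gateway <-> server
    info["gateway_src"] = upstream.getsockname()  # the source address the server sees
    t = threading.Thread(target=pump, args=(client, upstream), daemon=True); t.start()
    pump(upstream, client)
    t.join(); client.close(); upstream.close()
    return True

def echo_once(server, info):
    """Remote-host stand-in: echo one connection, recording the peer it observed."""
    with suppress(OSError), server:               # accept() times out if nobody comes
        conn, info["server_saw"] = server.accept()
        conn.sendall(conn.recv(4096)); conn.close()

def demo(allow=True):
    """Client -> gateway -> echo server on loopback; return what each side saw."""
    server = socket.create_server(("127.0.0.1", 0)); server.settimeout(2)
    gateway = socket.create_server(("127.0.0.1", 0))
    remote, info = server.getsockname(), {"server_saw": None, "gateway_src": None}
    allowed = {remote} if allow else set()        # policy: set of permitted circuits
    threading.Thread(target=echo_once, args=(server, info), daemon=True).start()
    threading.Thread(target=serve_one, args=(gateway, remote, allowed, info),
                     daemon=True).start()
    client = socket.create_connection(gateway.getsockname())
    reply = b""
    with suppress(OSError):                       # gateway resets us when policy denies
        client.sendall(b"hello via gateway"); client.shutdown(socket.SHUT_WR)
        reply = b"".join(iter(lambda: client.recv(4096), b""))
    client.close(); gateway.close()
    return {"reply": reply, **info}
```

With `allow=True` the server's recorded peer is the gateway's own outbound address, not the client's, and the echoed reply reaches the client; with `allow=False` the client is cut off and the server never sees a connection.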