Solved

Cisco IOS firewall - ip inspect name OUTSIDE TCP

Posted on 2008-10-20
4
931 Views
Last Modified: 2008-11-18
I am trying to make sense of the IP INSPECT statement of the Cisco IOS firewall. What does it mean when I have IP INSPECT NAME OUTSIDE TCP? or IP INSPECT NAME OUTSIDE ICMP? Does it mean that after the packet pass through the access list, it will be inspected by the IOS firewall and it the packet is not a TCP connection or an ICMP packet, the packet will be dropped? Thx
0
Comment
Question by:netdoc01
  • 3
4 Comments
 
LVL 10

Expert Comment

by:kyleb84
Comment Utility
It means that it will keep track of TCP connections, inspecting packets for abnormalities and/or possible attacks.

Same applies to ICMP, the firewall will inspect the packet, make sure everything looks ok in it, then pass it on.

If the packet is deemed bad, corrupt or invalid - even part of a possible attack, it will then be dropped.
0
 
LVL 10

Expert Comment

by:kyleb84
Comment Utility
For example, if you do not include a

 "IP INSPECT NAME OUTSIDE UDP"

The firewall will not take any notice of UDP packets, and just pass them straight on to the destination.
0
 

Author Comment

by:netdoc01
Comment Utility
"inspecting packets for abnormalities and/or possible attacks"

How can it determine if a packet is bad like you have mentioned above?
0
 
LVL 10

Accepted Solution

by:
kyleb84 earned 500 total points
Comment Utility
For TCP connections, each packet has a set of "flags" in the header that control a connection, you wouldn't - for example see all SYN + RST + ACK flags set in the one packet (SYN = do a connect, RST = reset, ACK = acknowledge).

ICMP packets can contain invalid requests (Can't think of an example).

Some mixture of invalid flags / requests are well known attacks, other instances might just be data corruption that happened on the way.

The bottom line is that when it inspect TCP - it only looks at the TCP info header, not the data therein.

The firewall CAN do layer 4+ inspection as well, which actually takes a look at the data inside the packet and not just the header.

Layer 4+ protocols like SIP, HTTP, and FTP can all be monitored as well. This involves keeping track of such connections deep inside your TCP / UDP packet.

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now