What is the difference between stateful inspection and deep packet inspection?

NAMEWITHELD12
What is the difference between stateful inspection and deep packet inspection?

Thanks!!!
Soulja, Sr.Net.Eng
Top Expert 2011

Commented:
Distinguished Expert 2018
Commented:
SPI basically inspects to see whether the packet is part of a valid session. For example, if I try to send a packet to try to terminate a session that doesn't exist, this will get rejected. Because it checks so much less than DPI does, it is a lot less taxing on the firewall's hardware. However, it is far less secure.

DPI looks a lot deeper into packets to get an idea of whether the packet is valid for acceptance. As pointed out, this requires a lot more processing power. However, because the firewall is being more finicky about what it allows through, it is also the far more secure way to go.
atlas_shuddered, Sr. Network Engineer

Commented:
Simple answer:

Stateful inspection confirms that traffic is part of a legitimate SYN/ACK session.  Uses a session table to track outbound SYN requests and only allows return traffic that corresponds to these known requests.  Used to combat the following:

1. SYN Flood attacks by actively tracking sessions and automatically closing orphaned embryonic sessions
2. Gratuitous ACK attempts against internal hosts wherein an attacker generates crafted ACK packets against a host in the effort to elicit a bogus session response or resource flood.

Deep Packet Inspection takes the above to the next level by doing at least one and sometimes two main things:

1. - Always - Inspects each packet to ensure it complies with RFC standards. Used to counter attackers' attempts to inject malformed packets.
2. - Sometimes - Inspects actual payload to ensure the packet doesn't contain malicious content in payload (malware/sploit/etc.). This is usually found with beefier boxes that are making use of sandboxing and application level inspections.

Easy Peasy.
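
The session-table check described in the answer above, as an added Python example that is not from the thread or from any firewall product: outbound SYNs create entries, only return traffic matching an entry is allowed, and embryonic sessions are expired. The `Packet` and `StatefulFilter` names, the state labels and the 30-second timeout are assumptions made for illustration.

```python
from dataclasses import dataclass

EMBRYONIC_TIMEOUT = 30.0  # seconds a half-open session may live (constructed value)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags, e.g. frozenset({"SYN", "ACK"})
    outbound: bool     # True when the packet leaves the protected network

class StatefulFilter:
    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> [state, last_seen]
        self.sessions = {}

    def _key(self, p):
        return (p.src, p.sport, p.dst, p.dport) if p.outbound else (p.dst, p.dport, p.src, p.sport)

    def expire(self, now):
        """Remove embryonic sessions whose handshake never completed."""
        stale = [k for k, (state, seen) in self.sessions.items()
                 if state != "ESTABLISHED" and now - seen > EMBRYONIC_TIMEOUT]
        for k in stale:
            del self.sessions[k]
        return len(stale)

    def check(self, p, now):
        """Return "ALLOW" or "DROP" for one packet seen at time `now`."""
        self.expire(now)
        key = self._key(p)
        if p.outbound and p.flags == {"SYN"}:
            self.sessions[key] = ["SYN_SENT", now]       # new outbound request
            return "ALLOW"
        entry = self.sessions.get(key)
        if entry is None:
            return "DROP"                                # e.g. unsolicited ACK
        state = entry[0]
        if state == "SYN_SENT" and not p.outbound and p.flags == {"SYN", "ACK"}:
            entry[:] = ["SYNACK_SEEN", now]
        elif state == "SYNACK_SEEN" and p.outbound and p.flags == {"ACK"}:
            entry[:] = ["ESTABLISHED", now]
        elif state == "ESTABLISHED" and "SYN" not in p.flags:
            entry[1] = now                               # refresh idle timer
        else:
            return "DROP"                                # out-of-sequence packet
        return "ALLOW"
```

The filter never looks past the TCP flags and the address/port tuple; the RFC-compliance and payload checks the answer attributes to deep packet inspection would be additional steps applied to packets this filter allows.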
