It works in the network layer of the OSI Model. It applies a set of rules (based on the contents of the IP and transport header fields) to each packet and, based on the outcome, decides to either forward or discard the packet.
For example, a rule could block all incoming traffic from a certain IP address or disallow all traffic that uses the UDP protocol. If a packet matches none of the predefined rules, the filter takes the default action. The default action can be to ‘discard all packets’ or to ‘accept all packets’.
Security threats to Packet Filters:
IP address Spoofing:
In this kind of attack, an intruder from the outside tries to send a packet towards the internal corporate network with the source IP address set to the IP address of an internal user.
Prevention:
The firewall can defeat this attack if it discards all packets that arrive at the incoming side of the firewall with a source IP equal to one of the internal IPs.
Source Routing Attacks:
In this kind of attack, the attacker specifies the route to be taken by the packet in the hope of fooling the firewall.
Prevention:
The firewall can defeat this attack if it discards all packets that use the source routing option (also known as path addressing).
Tiny Fragment Attacks:
Often, the size of an IP packet is greater than the maximum size allowed by the underlying network, such as Ethernet or Token Ring. In such cases, the packet needs to be fragmented so that it can be carried further. The attacker exploits this characteristic of the TCP/IP protocol: in this kind of attack, the attacker intentionally creates fragments of the original packet and sends them to fool the firewall.
Prevention:
The firewall can defeat this attack if it discards all packets that use the TCP protocol and are fragmented. Dynamic packet filters allow incoming TCP packets only if they are responses to outgoing TCP packets.
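The three preventions above and the default action, combined in one inbound filter that reads the raw IPv4 header. This is an added example, not code from the original article; the internal range 10.0.0.0/8, the allow rule for 10.0.0.80:443, and all function names are assumptions, and `build` only constructs sample packets.

```python
import ipaddress, struct

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
ALLOW_TCP = {("10.0.0.80", 443)}                   # assumed allow rule: internal web server
DEFAULT_ACTION = "discard"                         # taken when no rule matches
TCP, LSRR, SSRR = 6, 131, 137                      # protocol number, source-route option types

def has_source_route(options):
    """Walk the IPv4 options; True on LSRR/SSRR or a malformed option (fail closed)."""
    i = 0
    while i < len(options) and options[i] != 0:    # 0 = End of Option List
        if options[i] == 1:                        # 1 = No-Operation, one byte long
            i += 1
            continue
        if options[i] in (LSRR, SSRR) or i + 1 >= len(options) or options[i + 1] < 2:
            return True
        i += options[i + 1]
    return False

def filter_inbound(pkt):
    """Return 'forward' or 'discard' for a packet arriving on the outside interface."""
    if len(pkt) < 20:
        return "discard"
    vihl, _, _, _, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return "discard"
    if ipaddress.ip_address(src) in INTERNAL_NET:
        return "discard"                           # spoofed internal source address
    if has_source_route(pkt[20:ihl]):
        return "discard"                           # source routing requested
    if proto == TCP and frag & 0x3FFF:             # MF flag set or non-zero offset
        return "discard"                           # fragmented TCP
    if proto == TCP and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        if (str(ipaddress.ip_address(dst)), dport) in ALLOW_TCP:
            return "forward"
    return DEFAULT_ACTION

def build(src, dst, proto=TCP, frag=0, options=b"", dport=443):
    """Construct a sample IPv4 packet (length and checksum left at zero; not validated here)."""
    ihl = (20 + len(options)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 0, 0, frag, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + options + struct.pack("!HH", 40000, dport) + bytes(16)
```

The fragment check runs before the port lookup because a non-first fragment carries no TCP header, so a port rule applied to it would be reading payload bytes.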
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.