For TCP sessions, stateful firewalls generally inspect the 3-way handshake.. for UDP there is no such handshake. How do they track UDP sessions in the stateful session table?
Do they merely log the first packet, record source IP, source port, destination IP, destination port, and track the session that way.. and any other packets received that match the same criteria are marked as client traffic for the session, and packets with the source/dest fields inverted match server traffic for the same session?
No comments:
Post a Comment