Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or
state of the request?
A.
ICMP
B.
TCP
C.
UDP
D.
IP
Explanation:
The TCP protocol is stateful. In a TCP connection, the sender sends a SYN packet, the receiver sends a SYN/
ACK, and then the sender acknowledges that packet with an ACK packet. A stateful firewall understands these
different steps and will not allow packets to go through that do not follow this sequence. So, if a stateful firewall
receives a SYN/ACK and there was not a previous SYN packet that correlates with this connection, the firewall
understands this is not right and disregards the packet. This is what stateful means—something that
understands the necessary steps of a dialog session. And this is an example of context-dependent access
control, where the firewall understands the context of what is going on and includes that as part of its access
decision.
Incorrect Answers:
A: The ICMP protocol is stateless, not stateful.
C: The UDP protocol is stateless, not stateful.
D: The IP protocol is stateless, not stateful.Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 232