What is Dynamic Filtering


Static filtering has its weaknesses.

With static filtering the rules are fixed. That means that even when no packets are flowing from the inside to the outside, holes must be left open for the returning packets.

In the example above, if nobody on the inside is accessing the web server, there is no need to open the "IN" hole, which is the entry route from the outside to the inside. Through that hole you may end up letting in packets that should not be allowed.

A firewall that can inspect the TCP header can look at the SYN and ACK flags to judge the handshake state and block packets that are not replies to a connection opened from the inside. But if the flags are forged so that the packet looks like a reply, it is passed.

Also, UDP has no SYN or ACK flags in its header, so with UDP not even this handshake check is possible.

In static filtering a hole must always be left open as a path, so the hole that stays open is a weak point.

Some applications require a very large number of holes to be drilled.

For example, for games that use DirectX, the following port numbers must be open for communication.

Protocol   Port number
UDP        2300 to 2400
TCP        2300 to 2400
TCP        47624
UDP        6073

* The exact ports depend on the version of DirectX, on whether the machine is the host or a client, and on the type of game.

The more applications you use inside, the more holes you need to drill.

A firewall riddled with holes like the one in the picture above is a security concern.

To ensure security, we would like to open a hole only while we want packets to pass through it, but static filtering cannot do that.

Therefore, dynamic filtering was devised to eliminate these weaknesses of static filtering.
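To make the contrast concrete, here is an added Python model of the three approaches discussed above: a static filter with permanently open holes, a static filter with a TCP flag check, and a dynamic (stateful) filter that opens a hole only while an inside host has an active session. This is example code written for this page, not any real firewall's implementation. The LAN prefix 192.168.1., the outside addresses, the 30-second idle timeout and the packet sequence are all constructed; the web-server hole on TCP port 80 and the DirectX UDP range 2300 to 2400 are taken from the text above.

```python
"""Toy packet filters: static holes vs. TCP flag check vs. dynamic (stateful) filtering.
Added example for illustration; addresses, timeout and traffic are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

INSIDE_PREFIX = "192.168.1."   # constructed LAN; anything else counts as "outside"


@dataclass(frozen=True)
class Packet:
    proto: str      # "TCP" or "UDP"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP flags; meaningless for UDP
    ack: bool = False


def is_outbound(pkt: Packet) -> bool:
    return pkt.src.startswith(INSIDE_PREFIX)


# The permanent "holes" a static filter needs for the two applications in the text:
# replies from web servers (TCP source port 80) and the DirectX UDP range 2300-2400.
STATIC_HOLES: List[Tuple[str, Callable[[Packet], bool]]] = [
    ("TCP", lambda p: p.sport == 80),
    ("UDP", lambda p: 2300 <= p.dport <= 2400),
]


def matches_hole(pkt: Packet) -> bool:
    return any(proto == pkt.proto and rule(pkt) for proto, rule in STATIC_HOLES)


class StaticFilter:
    """Static filtering: the holes are open all the time, whether or not anyone inside is talking."""
    def allow(self, pkt: Packet, now: float) -> bool:
        return is_outbound(pkt) or matches_hole(pkt)


class FlagCheckFilter(StaticFilter):
    """Static filtering plus a TCP header check: an inbound TCP packet through a hole must carry
    ACK, i.e. look like a reply, so a bare SYN is dropped. UDP has no flags, so its hole stays open."""
    def allow(self, pkt: Packet, now: float) -> bool:
        if is_outbound(pkt):
            return True
        if not matches_hole(pkt):
            return False
        if pkt.proto == "UDP":
            return True          # nothing in the UDP header to check
        return pkt.ack           # a packet with forged flags still passes this check


Key = Tuple[str, str, int, str, int]


class DynamicFilter:
    """Dynamic (stateful) filtering: no permanent holes. An outbound packet records a session;
    an inbound packet is allowed only if it is the reverse of a live session, and the hole
    closes again once the session has been idle for `timeout` seconds (constructed value)."""
    def __init__(self, timeout: float = 30.0):
        self.timeout = timeout
        self.sessions: Dict[Key, float] = {}   # session key -> last time a packet was seen

    @staticmethod
    def _key(pkt: Packet) -> Key:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt: Packet) -> Key:
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def allow(self, pkt: Packet, now: float) -> bool:
        # Expire idle sessions first so a stale hole cannot be reused later.
        for key, seen in list(self.sessions.items()):
            if now - seen > self.timeout:
                del self.sessions[key]
        if is_outbound(pkt):
            self.sessions[self._key(pkt)] = now   # open the hole for replies to this session
            return True
        key = self._reverse_key(pkt)
        if key not in self.sessions:
            return False                          # nobody inside asked for this packet
        self.sessions[key] = now                  # keep the session alive
        return True


def run_scenario() -> Dict[str, Dict[str, bool]]:
    """Replay a constructed packet sequence through all three filters.
    Returns {step label: {filter name: allowed?}}."""
    lan, web, game = "192.168.1.5", "203.0.113.10", "203.0.113.20"   # constructed addresses
    steps = [   # (time in seconds, label, packet)
        (0.0, "unsolicited_tcp_bare_syn", Packet("TCP", web, 80, lan, 51000, syn=True)),
        (0.0, "unsolicited_tcp_forged_ack", Packet("TCP", web, 80, lan, 51000, ack=True)),
        (0.0, "unsolicited_udp_game", Packet("UDP", game, 2300, lan, 2300)),
        (1.0, "outbound_http_syn", Packet("TCP", lan, 51000, web, 80, syn=True)),
        (1.1, "http_syn_ack_reply", Packet("TCP", web, 80, lan, 51000, syn=True, ack=True)),
        (2.0, "outbound_udp_game", Packet("UDP", lan, 2300, game, 2300)),
        (2.1, "udp_game_reply", Packet("UDP", game, 2300, lan, 2300)),
        (100.0, "late_tcp_reply", Packet("TCP", web, 80, lan, 51000, ack=True)),
    ]
    filters = {"static": StaticFilter(), "flag_check": FlagCheckFilter(),
               "dynamic": DynamicFilter(timeout=30.0)}
    results: Dict[str, Dict[str, bool]] = {}
    for now, label, pkt in steps:
        results[label] = {name: f.allow(pkt, now) for name, f in filters.items()}
    return results


if __name__ == "__main__":
    for label, verdicts in run_scenario().items():
        print(f"{label:28s}", {k: ("pass" if v else "BLOCK") for k, v in verdicts.items()})
```

Running it shows the three weaknesses from the text side by side: the static filter passes every unsolicited packet that fits a hole, the flag-checking filter stops a bare SYN but is fooled by a forged ACK and cannot judge UDP at all, while the dynamic filter blocks all three unsolicited packets, passes the real HTTP and game replies, and closes the hole again after the session has gone idle.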

Firewalls with dynamic filtering used to be very expensive, but recently more and more inexpensive routers offer this function, and it is now used in many situations.