What is a Firewall?
The firewall examines the IP address or port number in the header of the Packets and decides whether to allow the packet or not.
Stateful packet filtering :
A Stateful firewall is a firewall that keeps track of the state of network connections to distinguish legitimate packets.
Here, state of the connection, includes details such as the IP addresses,port numbers and sequence numbers of the packets traversing the connection
The stateful firewall depends on the three-way handshake of the TCP protocol.When a client initiates a new connection, it sends a packet with the SYN bit . All packets with the SYN bit set are considered by the firewall as NEW connections. The server will reply to the SYN packet with a packet in which both the SYN and the ACK bit are set. The client will then respond with a packet in which only the ACK bit is set, and the connection will enter the ESTABLISHED state. Such a firewall will only allow incoming packets if they are part of an ESTABLISHED connection, ensuring that hackers cannot start unsolicited connections with the protected machine.
The most common Denial of Service attack on the internet is the SYN flood,
where a hacker intentionally sends large amounts of SYN packets to the
server in order to overflow its state table, thus blocking the server
from accepting other connections.