Packet Filtering Firewall
Examines the source and destination address of every packet passing through
- Allows only packets that have acceptable addresses to pass
- Examines IP Addresses and TCP port ID’s only
- Packet Filtering firewall is unaware of applications and what the intruder is trying to do
“IP spoofing” remains a problem
- Done by simply changing the source address of incoming packets from their real address to an address inside the organization’s network
- Firewall will pass this packet as it looks like a valid internal IP address
- Many firewalls know to discard incoming packets with internal IP addresses