application proxy and UDP

liven Member Posts: 918
Are there any application gateways/proxies that will protect UDP traffic....


I guess this is kind of a dumb question, but I am looking for something other than just DNS protection. That is pretty easy.

Other applications and web traffic that is UDP...
encrypt the encryption, never mind my brain hurts.

Comments

  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    Do you mean something like a stateful firewall that can do layer 4-7 inspection?
    The only easy day was yesterday!
  • liven Member Posts: 918
    Yea I guess....

    To be honest besides regular proxy servers, stateful inspection firewalls, and web content filtering devices I don't really have much experience with application gateways.

    Is there another "type" of device that fits or defines this category?

    I ask because I was asked a similar question. And I thought it should/might be possible to have some sort of proxy/gateway for traffic including UDP. However, I was called out on the "stateful" aspect of firewalls and UDP. Called out in regards to "is it really possible because UDP is connectionless".


    Perhaps I am talking in circles, but I was starting to doubt myself. However I know that I have entered stateful rules for port 53 on udp before....

    Ok I feel like I am rambling... Sorry if this doesn't make much sense.
    encrypt the encryption, never mind my brain hurts.
  • Mishra Member Posts: 2,468 ■■■■□□□□□□
    Actually rambling does good in my case because I can put myself in your position.

    No matter if a packet is using TCP or UDP it still has data in it and applications can parse through that data and perform user based rules.

    So UDP packets aren't excluded in this picture. Although I guess I should call them UDP streams at this point. :) I'm not sure if I can answer for a firewall but I believe load balancers and proxies can do what you are looking for.
    My blog http://www.calegp.com

    You may learn something!
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    UDP is a tough protocol because it does not have a defined beginning and end of the connection, and there are no sequence numbers in the UDP header for a firewall to track. All hope is not lost when it comes to securing UDP protocols. Many protocols can be inspected in layers 5-7 and there are typically sequence numbers and connection setup and teardown similar to the way that TCP works. This all assumes the firewall has a "signature" of sorts that allows it to know how the protocol functions and can track the progress of the protocol. Many of the VoIP protocols that are UDP based can be inspected by firewalls, but it depends on the firewall device and its capabilities.
    The only easy day was yesterday!
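
The idea in dtlokee's answer above, as an added example that is not part of the original thread: a firewall can keep "state" for connectionless UDP by remembering each outbound flow's address/port tuple and an application-layer identifier, here the DNS transaction ID on port 53. The class name, timeout value and sample addresses are assumptions made for illustration.

```python
import struct

IDLE_TIMEOUT = 30.0  # seconds; assumed value, real firewalls make this configurable


class UdpDnsStateTable:
    """Pseudo-state for UDP: address/port tuple plus the DNS transaction ID."""

    def __init__(self, timeout=IDLE_TIMEOUT):
        self.timeout = timeout
        self.pending = {}  # (client, cport, server, sport, txid) -> time query was seen

    @staticmethod
    def _dns_header(payload):
        # DNS header is 12 bytes; first 2 = transaction ID, next 2 = flags.
        if len(payload) < 12:
            return None
        txid, flags = struct.unpack("!HH", payload[:4])
        return txid, bool(flags & 0x8000)  # QR bit: 0 = query, 1 = response

    def outbound(self, src, sport, dst, dport, payload, now):
        """Inside client -> outside server. Records state for well-formed queries."""
        hdr = self._dns_header(payload)
        if dport != 53 or hdr is None or hdr[1]:
            return False  # not a DNS query: drop
        self.pending[(src, sport, dst, dport, hdr[0])] = now
        return True

    def inbound(self, src, sport, dst, dport, payload, now):
        """Outside -> inside. Allowed only as the answer to a tracked query."""
        hdr = self._dns_header(payload)
        if hdr is None or not hdr[1]:
            return False  # truncated, or a query arriving from outside
        key = (dst, dport, src, sport, hdr[0])  # reversed tuple + same txid
        seen = self.pending.pop(key, None)  # one response per query
        return seen is not None and now - seen <= self.timeout


def dns_header(txid, response):
    # Constructed sample packet: header only, zero question/answer counts.
    return struct.pack("!HHHHHH", txid, 0x8000 if response else 0, 0, 0, 0, 0)
```

Because the entry is removed on the first matching response, a replayed or late reply is dropped even though UDP itself carries no sequence numbers.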
  • liven Member Posts: 918
    dtlokee wrote:
    UDP is a tough protocol because it does not have a defined beginning and end of the connection, and there are no sequence numbers in the UDP header for a firewall to track. All hope is not lost when it comes to securing UDP protocols. Many protocols can be inspected in layers 5-7 and there are typically sequence numbers and connection setup and teardown similar to the way that TCP works. This all assumes the firewall has a "signature" of sorts that allows it to know how the protocol functions and can track the progress of the protocol. Many of the VoIP protocols that are UDP based can be inspected by firewalls, but it depends on the firewall device and its capabilities.


    Thanks guys.

    DTlokee, Yes I have had similar issues with VOIP, firewalls and UDP.

    And thanks for making me feel "Not stupid". Sometimes conversations start, and things are said and then I can't give a specific example to back myself up... Only because I was thinking too fast and need a few seconds to catch up with myself...

    Anyway thanks again fellas I really appreciate your thoughts.
    encrypt the encryption, never mind my brain hurts.
  • Mishra Member Posts: 2,468 ■■■■□□□□□□
    liven wrote:
    Thanks guys.

    DTlokee, Yes I have had similar issues with VOIP, firewalls and UDP.

    And thanks for making me feel "Not stupid". Sometimes conversations start, and things are said and then I can't give a specific example to back myself up... Only because I was thinking too fast and need a few seconds to catch up with myself...

    Anyway thanks again fellas I really appreciate your thoughts.

    Totally understand. It takes experience and the ability to ask questions to be able to back up your intuitions. When you know you are a good technologist is when you have the intuitions, you ask the questions, and you are right 90% of the time!

    It is best to keep that attitude all throughout your career too. When you can always say "I may be wrong but..." then you are always open to others' opinions and knowledge. You take in what the arguer says, do your research, then form your own opinion.
    My blog http://www.calegp.com

    You may learn something!