Traffic Inspection
CBAC inspects traffic that traverses the firewall and manages state information for all the TCP and UDP
sessions. This state information is used to create temporary openings through the firewall to allow return traffic
and additional data connections for permissible sessions.
With application-level awareness, CBAC tracks TCP and UDP connections, which provide all the necessary
information to perform deep packet inspection of the data payload for any illegal activity. For example, as
shown in Figure 5-1, an intruder could craft a malicious, unauthorized, non-SMTP protocol packet encapsulated
in an SMTP packet destined for TCP port 25. With standard access list filtering, this packet would be allowed
because the filter checks only the Layer 3 and Layer 4 information in the packet. With CBAC packet inspection,
the packet is further inspected for standard SMTP operations as per RFC standards, and any noncompliant
operation (illegal commands) in the payload is blocked.
Figure 5-1. Application-Aware Traffic Inspection
Based on this inspection method, several types of network attacks that use this embedding technique to pass
malicious traffic encapsulated in standard application protocol packets can be prevented.
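
The contrast described above, as an added Python sketch that is not taken from the original text or from Cisco's implementation: a Layer 3/4 filter and an application-aware check are run over the same constructed sessions to TCP port 25. The function names, the sample sessions and the command allowlist (the RFC 821 minimum command set) are assumptions made for illustration.

```python
# Added illustration only. The allowlist is the RFC 821 minimum command set,
# assumed here; it is not the list any particular firewall release enforces.
ALLOWED_SMTP = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

def acl_permits(proto, dst_port):
    """Access-list style filter: decides on Layer 3/4 fields only."""
    return proto == "tcp" and dst_port == 25

def inspect_smtp(client_lines):
    """Application-aware check of the client side of one SMTP session.

    Returns ("permit", None) or ("drop", offending_line). The DATA state is
    tracked so that message body text is not mistaken for commands.
    """
    in_data = False
    for raw in client_lines:
        line = raw.rstrip(b"\r\n")
        if in_data:
            if line == b".":          # a lone dot ends the message body
                in_data = False
            continue
        verb = line.split(b" ", 1)[0].decode("ascii", "replace").upper()
        if verb not in ALLOWED_SMTP:  # illegal or non-SMTP command
            return ("drop", raw)
        if verb == "DATA":
            in_data = True
    return ("permit", None)

# Constructed sample sessions (not captured traffic).
LEGIT = [
    b"HELO client.example\r\n",
    b"MAIL FROM:<a@example.com>\r\n",
    b"RCPT TO:<b@example.com>\r\n",
    b"DATA\r\n",
    b"Subject: hi\r\n",
    b"GET appears here only as body text\r\n",
    b".\r\n",
    b"QUIT\r\n",
]
TUNNELED = [  # non-SMTP protocol sent to port 25
    b"HELO client.example\r\n",
    b"GET /index.html HTTP/1.1\r\n",
]

if __name__ == "__main__":
    for name, session in (("legit", LEGIT), ("tunneled", TUNNELED)):
        print(name, "ACL:", acl_permits("tcp", 25), "inspection:", inspect_smtp(session))
```

Both sessions pass the port-based check; only the command-level inspection separates them.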