January 14th, 2005, 12:24 PM
Altough a firewall can use system calls (any O.S.) to get info about the ongoing connections, im not sure that it will that because a firewall need to be IN THE middle of the connection OR the O.S. has some kind of authorization/hook exit to call the firewall.
So i think that when the firewall starts it simply interfere on Kernel stack protocol (hooking on it, probably) and monitor every packet that pass thru the stack. Since firewall see all packets, it will know all "connections" (all udp/tcp flows) that are currently active.
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt.
If I die before I wake, I pray the Lord my soul to brake.