Understanding CBAC might be made easier if you think of it
as reflexive ACLs without the limitations. CBAC adds inspection intelligence to
ACL capabilities by reading the entire packet for application status
information, which is stored in the state table. Like reflexive ACLS, CBAC
watches outbound traffic to determine what packets to let in; but unlike
reflexive ACLs, CBAC can make decisions based on how the application behaves,
not only the addresses and port number it uses.
CBAC can open any additional inbound channels required for
returning data that were negotiated by the outgoing data for a particular
When a session times out or ends, the state table and ACL entries
are deleted, and the opening closes to additional traffic.
CBAC can be configured to inspect and filter the following IP
sessions and application-layer protocols:
All TCP sessions, regardless of the application-layer
protocol (sometimes called single-channel or generic TCP inspection).
All UDP sessions, regardless of the application-layer
protocol (sometimes called single-channel or generic UDP inspection).
CU-SeeMe (White Pine version only), an Internet
videoconferencing program developed as freeware by Cornell University.
WhitePine, Inc., sells an enhanced commercial version.
FTP doesn’t support third-party connections (three-way FTP
transfer). Allows data channels with the destination ports 1024 to 65535. CBAC
won’t open a data channel if the FTP client-server authentication fails.
HTTP (Java blocking).
UNIX R-commands, such as rlogin, rexec, and rsh.
H.323, such as NetMeeting and ProShare
Real-Time Streaming Protocol (RTSP): CBAC supports the
following RTSP data transport modes.
Standard Real-Time Transport Protocol (RTP) IETF standard
(RFC 1889) for real-time audio and video applications, such as Cisco IP/TV and
Apple QuickTime 4 software. RTP uses the RTP Control Protocol (RTCP) to manage
the multimedia data stream.
RealNetworks Real Data Transport (RDT) Proprietary protocol
developed by RealNetworks used for RealServer G2. Uses RTSP for communication
control and RDT for the data connection and retransmission of lost packets.
Interleaved (Tunnel Mode) Uses the control channel to tunnel
RTP or RDT traffic.
Synchronized Multimedia Integration Language (SMIL) Layout
language that allows the creation of multimedia presentations made up of music,
voice, image, text, video, and graphics elements. Uses multiple RTSP control and
data streams between the player and the servers. Currently available only for
RTSP and RDT, but SMIL is a proposed specification of the World Wide Web
Consortium (W3C). RealNetworks RealServer and RealServer G2 support SMIL, while
Cisco IP/TV and Apple QuickTime 4 don’t.
RPC Sun RPC, but not DCE RPC.
Simple Mail Transport Protocol (SMTP) CBAC can inspect SMTP,
but not Extended Simple Mail Transport Protocol (ESMTP).
486 times read
Did you enjoy this article?
(total 63 votes)