Unlike TCP sessions, UDP sessions are connectionless. This characteristic of UDP sessions makes it harder to identify packets that belong to the same session. In these cases, CBAC uses source/destination addresses and port numbers and whether the packet was detected soon after another similar UDP packet to determine whether the packet belongs to that particular session. "Soon" means within the configurable UDP idle timeout period.
- Reply to PASV with address/port information
- SYN to the new address/port
Was this article helpful?