With the increasing availability of broadband internet access, home computer users are starting to encounter many of the same security issues that corporate networks have faced for years. In particular, since broadband connections, such as DSL and cable, allow users to be connected to the Internet for extended periods of time, home users now have to consider how to prevent would-be hackers from gaining access to their computers. The most common solution to this problem is to install a firewall program. A firewall program is a type of security program that filters outbound IP and TCP communication packets before they leave the computer and travel out to a network, such as the Internet, and inbound communication packets received from the network. A firewall generally operates according to its settings, which may be implemented as a set of rules. An example of a rule that might be used by a firewall is “Block all inbound packets coming from network card 001 that originate from IP address 10.0.0.1 and TCP port 3000”.
To maximize security, the settings of consumer-oriented firewalls are often configured so as to block all inbound, unsolicited communication packets from the Internet. While this helps to prevent unauthorized entries by hackers, it also creates a problem for those application programs that require a “call back” from another computer in order to establish a communication session. An example of such an application program is a File Transfer Protocol (FTP) client. For an FTP client program to retrieve files over the Internet using the FTP “PORT” command, it asks the FTP host to initiate a connection to, or “call back”, the FTP client on a second TCP port. If the FTP client is operating behind a typically-configured firewall, the FTP host's attempts to connect back to the FTP client on the second TCP port will be blocked by the firewall, and the attempt by the FTP client to transfer files will fail.
Some firewalls attempt to address this problem by maintaining data on where outbound TCP and IP packets are going and what kind of packets they are. However, because most firewalls operate down at the TCP and IP layers of the network communication stack, they have little or no knowledge about what the application programs are trying to do when they send and receive messages.
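The following Python sketch is an added example, not part of the original text. It models a filter that tracks outbound flows by address and port only, shows that the FTP host's call back is blocked, and shows that the port the client announced is visible only in the “PORT” payload. The `Packet` and `Filter` classes, the `inspect_ftp` switch and all addresses are hypothetical names and constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # constructed model, not a real packet format
    direction: str                 # "out" or "in"
    src: tuple                     # (ip, port)
    dst: tuple                     # (ip, port)
    payload: bytes = b""

def parse_port_command(payload):
    """Return (ip, port) from 'PORT h1,h2,h3,h4,p1,p2', else None."""
    parts = payload.decode("ascii", "replace").strip().split(" ", 1)
    if len(parts) != 2 or parts[0].upper() != "PORT":
        return None
    nums = parts[1].split(",")
    if len(nums) != 6 or not all(n.isdigit() and int(n) < 256 for n in nums):
        return None
    n = [int(x) for x in nums]
    return (".".join(map(str, n[:4])), n[4] * 256 + n[5])

class Filter:
    """Blocks unsolicited inbound packets; tracks flows opened from inside."""
    def __init__(self, inspect_ftp=False):
        self.inspect_ftp = inspect_ftp   # hypothetical application-aware mode
        self.flows = set()               # (local, remote) endpoint pairs
        self.expected = set()            # (local endpoint, remote ip) callbacks

    def allow(self, p):
        if p.direction == "out":
            self.flows.add((p.src, p.dst))
            if self.inspect_ftp and p.dst[1] == 21:
                ep = parse_port_command(p.payload)
                # Only honour a PORT that names the sender's own address.
                if ep and ep[0] == p.src[0]:
                    self.expected.add((ep, p.dst[0]))
            return True
        if (p.dst, p.src) in self.flows:           # reply on a tracked flow
            return True
        return (p.dst, p.src[0]) in self.expected  # announced callback only

def demo(inspect_ftp):
    client, server = "192.0.2.10", "198.51.100.5"   # documentation addresses
    fw = Filter(inspect_ftp)
    fw.allow(Packet("out", (client, 40000), (server, 21),
                    b"PORT 192,0,2,10,195,80\r\n"))  # 195*256+80 = 50000
    return fw.allow(Packet("in", (server, 20), (client, 50000)))

if __name__ == "__main__":
    print("header-only tracking:", demo(False))
    print("with PORT inspection:", demo(True))
```

With header-only tracking the call back is an unsolicited inbound connection and is dropped; the pinhole in the second case is limited to the announced port and to the FTP host's own address.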