TCP vs UDP with CBAC

• CBAC works on TCP & UDP traffic 
• It supports FTP that require multiple, simultaneous sessions or connections.
• CBA used to protect internal network from external threats by configuring it to inspect inbound traffic from the outside world for those protocols.
• TCP has clear-cut connections
• so CBAC can handle it rather easily.
• CBAC works at a deeper level than simply protocols & port numbers.
• for example, with FTP traffic, CBAC recognises and inspects the specific FTP control channel commands to decide when to open and close the temporary firewall openings.
• UDP traffic is connection less when compare to TCP, so it is more difficult to handle. 
•  CBAC manages UDP by approximating based on factors such as
• whether the source and destination addresses & ports of UDP frames are the same as those that came recently
• & their relative timing.
• CBAC uses the global idle timeout to determine whether a segment arrived "close enough" in time (then it will be considered as part of the same flow.
• Other timeouts are protocol-specific timeouts for TCP & UDP traffic.
• 
  
•