Re: [fw-wiz] State of security technology for the enterprise

Paul D. Robertson wrote:
"Deep packet inspection" has been on the market as such for a number of years as the challengers to "stateful packet inspection"

...And nobody has ever done an adequate job of explaining what is
stateful about SPI or particularly "deep" about DPI. As one of those
obnoxious guys who always did everything at Layer 7, it seems more
like an argument about who's the tallest kid in the shallow end of
the pool.

Marcus J. Ranum CSO, Tenable Network Security, Inc.
firewall-wizards mailing list

Relevant Pages

  • Re: Linksys BEFSR41 and SPI
    ... > Does the BEFSR41 do Stateful Packet Inspection or not? ... > that the Linksys routers used to do SPI, but Linksys removed the feature. ...
  • Re: Why does passive FTP work behind router/firewall?
    ... but afaict your router has SPI ... > FTP outgoing packets with port information and PASV data transfer ... > requests and to subsequently open relevant prots on the router. ... Stateful Packet Inspection is another means of stopping unsolicted ...
  • Re: Why does passive FTP work behind router/firewall?
    ... > this means that it is smart enough to recognize an FTP session ... As far as I understood, SPI is a firewall feature, which prevents ... When the SPI (Stateful Packet Inspection) feature is turned on, ...
  • Re: Linksys SPI
    ... I didn't know that SPI was stateful packet inspection (on ... I doubt that these cheap routers can actually perform ... "true" spi, but hey I thought that it was worth a shot, so I enabled it. ... it shouldn't disable or enable the NAT firewall. ...
  • Re: D-Link DI-804HV Router Firewall SPI Function
    ... A firewall that uses Stateful Packet Inspection ... Is this a router hardware problem or do I ... What does SPI mean? ... For every inbound packets of data/traffic or connection ...