Stateful Packet Inspection Firewall
From: greenNOSPAMaviator@bigfoot.com
Date: 02/12/03
- Next message: sponge: "Re: Stopping outgoing traffic"
- Previous message: Mark Turnbull: "Re: Is there a free version of BlackIce?"
- Next in thread: SysAdm: "Re: Stateful Packet Inspection Firewall"
- Reply: SysAdm: "Re: Stateful Packet Inspection Firewall"
- Reply:(deleted message) Mike: "Re: Stateful Packet Inspection Firewall"
- Reply: DougNews: "Re: Stateful Packet Inspection Firewall"
- Reply: MeanChildJ: "Re: Stateful Packet Inspection Firewall"
- Reply: NeoSadist: "Re: Stateful Packet Inspection Firewall"
- Reply: Vincent Leung: "Re: Stateful Packet Inspection Firewall"
- Reply: DrJulians: "Re: Stateful Packet Inspection Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: greenNOSPAMaviator@bigfoot.com Date: Wed, 12 Feb 2003 21:15:56 +0000
I just got a DSL Router which includes an SPI firewall. The
manufacturer (Linksys) doesn't have very good technical support, so
I'm not much wiser as to how it works. The firewall screen has no
configuration options which worried me first time I saw it.
In a previous message a few weeks ago someone said;
>To over simplify it, SPI allows all of your
>external ports to be closed until an internal request is made, then a port
>is temporarily opened for the response to that request only. This is
>accomplished by using a state table.
>If the firewall product you are using does not have stateful packet
>inspection, then you are in the dark ages.
Is this synopsis approximately correct, that connections are
disallowed until the client initiates an outbound connection, or a
"listen" on a port?
Someone mentioned the following webpage;
http://www.sans.org/rr/firewall/anatomy.php
which again broadly says that SPI maintains a table for all
connections, and inspects packet contents for legality. My question
again is how "legality" is defined; whether anything that the client
computer initiates is treated as legitimate. My previous experience is
only with software firewalls i.e. ZoneAlarm, which blocks off incoming
ports but also controls which applications can access the net / listen
to ports. Presumably SPI does not place any restrictions on client
actions.
This is a bit worrying, because it seems to me that SPI places no
barriers in the path of a trojan that I might accidentally install
(from an email attachment say) on my computer. If EvilTrojan installs
and listens on port 400 for portscans, how is the firewall to
differentiate between it and a legitimately written user application
which may also wish to listen on port 400? Linksys techsupport tried
to tell me SPI would prevent trojans, but they couldn't explain the
above point, and I think they're wrong.
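A toy state-table model of the behaviour the quoted text describes, added here as an illustration; it is not code from the thread or from Linksys, and the LAN prefix, addresses and ports are constructed. It shows why an unsolicited probe to a listener on port 400 is dropped while anything the LAN side initiates, including a trojan's own outbound connection, passes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN flag: a connection attempt
    ack: bool = False  # TCP ACK flag

class StatefulFirewall:
    """Hypothetical SPI router model (not a real product's logic)."""

    def __init__(self, lan_prefix: str):
        self.lan_prefix = lan_prefix
        # State table: one entry per connection a LAN host has opened.
        self.state: set[tuple[str, int, str, int]] = set()

    def is_lan(self, ip: str) -> bool:
        return ip.startswith(self.lan_prefix)

    def filter(self, p: Packet) -> str:
        """Return "ALLOW" or "DROP" for one packet crossing the router."""
        if self.is_lan(p.src) and not self.is_lan(p.dst):
            # Outbound: a SYN from the LAN creates a state entry. The router
            # never asks which program sent it, so "legal" here simply means
            # "initiated from inside"; a trojan's outbound connection qualifies.
            if p.syn and not p.ack:
                self.state.add((p.src, p.sport, p.dst, p.dport))
                return "ALLOW"
            return "ALLOW" if (p.src, p.sport, p.dst, p.dport) in self.state else "DROP"
        if not self.is_lan(p.src) and self.is_lan(p.dst):
            # Inbound: only packets matching a tracked connection pass, so a
            # listener on port 400 is unreachable from outside in this model.
            reverse = (p.dst, p.dport, p.src, p.sport)
            return "ALLOW" if reverse in self.state else "DROP"
        return "DROP"  # traffic that does not cross LAN/WAN is not forwarded

def scenario() -> list[str]:
    """Constructed traffic: port scan, browser session, trojan phoning home."""
    fw = StatefulFirewall("192.168.1.")
    packets = [
        Packet("203.0.113.9", 40000, "192.168.1.10", 400, syn=True),           # scan hits port 400
        Packet("192.168.1.10", 51000, "203.0.113.5", 80, syn=True),            # PC opens web session
        Packet("203.0.113.5", 80, "192.168.1.10", 51000, syn=True, ack=True),  # server replies
        Packet("203.0.113.9", 40001, "192.168.1.10", 51000, syn=True),         # scanner guesses the port
        Packet("192.168.1.10", 52000, "198.51.100.7", 6667, syn=True),         # trojan connects outward
    ]
    return [fw.filter(p) for p in packets]
```

The last decision is the gap the post worries about: a state table alone cannot tell a trojan's outbound connection from a browser's, which is what a host-based application control such as ZoneAlarm adds on top of SPI.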