Re: a good site or book to understand SPI
From: RobertB. (rb28_at_nyu.edu)
Date: 02/03/04
- Next message: RobertB.: "enable SPI on FR1004?"
- Previous message: Jason Kau: "Re: Ports for Intel NetStructure VPN client"
- In reply to: curious: "a good site or book to understand SPI"
- Next in thread: Markus Kraus: "Re: a good site or book to understand SPI"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 03 Feb 2004 09:49:33 -0500
Thanks for the info; I've been looking for similar information, specifically, how best to configure such firewalls.
In article <ca3e516b.0402022331.2dee74b8@posting.google.com>,
heyimjustcurious@yahoo.com (curious) wrote:
> I did a yahoo search on SPI. The following are some definitions or
> explanations. I can read one after another but to be productive, can
> anyone provide me with a good site or book to read and understand SPI
> better? In fact, I want to read all the pertinent information on home
> PC security as well as home network security - I will have a home
> network in the future. All pertinent means things like HOST file,
> BDSKong, etc. I can learn. Just want to be efficient in my learning
> process due to time, i.e. have other topics (of other areas) to read
> too.
> Thanks.
> ---------------------------------
> What is Stateful Packet Inspection?
> When an IP packet arrives at the firewall from the Internet, the
> firewall must decide if it should be forwarded to the internal
> network. In order to accomplish this the firewall "looks" to see what
> connections have been opened from the inside of the network to the
> Internet. If there is a connection open that applies to the packet
> that has arrived from the Internet then it will be allowed through,
> otherwise it will be rejected.
>
> This is known as stateful packet inspection. The firewall looks at the
> source and destination IP addresses, the source and destination ports
> and the sequence numbers to decide if the packet belongs to a current
> open connection. The InterGate performs stateful packet inspection and
> only allows traffic into the network on connections opened from inside
> the network or on services explicitly opened by the administrator.
>
> ---
> A firewall technology monitoring the state of the transaction to
> verify the destination of an inbound packet matches the source of a
> previous outbound request.
> ----
>
> [SPI is] a technology that goes beyond simple packet filtering to
> track transactions to ensure that inbound packets are actually
> requested by the user. Data that fails this filtering at multiple
> layers is blocked.
>
> ---
>
> SPI means very different things to different people (not to mention
> different vendors!) I think gwion and SYNACK have both discussed this
> in some detail in the past. At the moment, throwing SPI around is
> considered little more than a marketing gimmick like Stealth.
>
> In its most elemental form, it simply means that the firewall/router
> is simply checking packets (mostly incoming packets, I might add) to
> ensure that they are in response to a valid outbound request for
> information. That's it, in a nutshell. It means that the
> router/firewall checks its state table and says "Oh, yeah, I sent a
> request from Port xxx (local) to Port yyy on IP aa.bb.cc.dd and I see
> I've gotten a response. Okay, I'll take that." Of course, the state
> table is typically limited in both size and time duration. If the
> response takes too long to come back, the state table no longer
> recognizes it and trashcans the incoming packet as an unsolicited
> (inbound) communication attempt. Quite frankly, I don't know a single
> consumer-grade product that doesn't already do at least this much on a
> regular basis.
>
> To others, SPI means considerably more. Specifically, it means
> something that inspects the contents of the packet (not just the
> source and destination IP/Port info). At this point, we start getting
> into IDS/IPS features. Of course, if someone is simply throwing around
> the term SPI without describing what they mean by it, it's quite
> likely that it means little more than the simple description, but they
> are trying to imply the more sophisticated interpretation (without
> actually saying so, of course). And this is what's called FUD.
>
> ----------------------
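The quoted definitions above describe the elemental form of SPI: a state table keyed on addresses and ports, filled by outbound connections, consulted for every inbound packet, and limited in both size and lifetime. The following Python simulation is an added illustration written for this archive page; it is not code from the original thread nor from the InterGate or any other product mentioned. It models only the 5-tuple lookup, the admin-opened services, the idle timeout and the table-size limit; sequence-number tracking is deliberately left out. The inside network prefix, the timeout, the four-entry table limit and all addresses are constructed sample values.

```python
import time
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    """Toy state-table firewall (added illustration, not a real product)."""

    def __init__(self, inside_prefix, allowed_services=(), timeout=30.0, max_entries=4):
        self.inside_prefix = inside_prefix              # constructed: "192.168.1." is "inside"
        self.allowed_services = set(allowed_services)   # (proto, port) explicitly opened by admin
        self.timeout = timeout                          # seconds an idle entry stays valid
        self.max_entries = max_entries                  # state table is limited in size
        self.table = OrderedDict()                      # 5-tuple -> last-seen timestamp

    def _is_inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def _expire(self, now):
        # Entries idle longer than the timeout are forgotten; a late reply
        # then looks like an unsolicited inbound attempt and is dropped.
        for key, seen in list(self.table.items()):
            if now - seen > self.timeout:
                del self.table[key]

    def handle(self, pkt, now=None):
        """Return "ALLOW" or "DROP" for one packet seen at time `now`."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if self._is_inside(pkt.src_ip):
            # Outbound: remember the flow; if the table is full, evict the oldest entry.
            if key in self.table:
                self.table.move_to_end(key)
            elif len(self.table) >= self.max_entries:
                self.table.popitem(last=False)
            self.table[key] = now
            return "ALLOW"
        # Inbound: reverse the tuple and look for the outbound flow that requested it.
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.table:
            self.table[reverse] = now
            self.table.move_to_end(reverse)
            return "ALLOW"
        # Otherwise only services the administrator explicitly opened get through.
        if (pkt.proto, pkt.dst_port) in self.allowed_services:
            return "ALLOW"
        return "DROP"


def demo():
    """Walk through the cases the quoted definitions describe; returns the verdicts."""
    fw = StatefulFirewall("192.168.1.", allowed_services={("tcp", 80)}, timeout=30.0, max_entries=4)
    # Constructed sample traffic (documentation/test address ranges).
    out = Packet("udp", "192.168.1.10", 51234, "198.51.100.5", 53)      # inside host asks a resolver
    reply = Packet("udp", "198.51.100.5", 53, "192.168.1.10", 51234)    # resolver answers
    unsolicited = Packet("tcp", "203.0.113.9", 4444, "192.168.1.10", 445)
    web = Packet("tcp", "203.0.113.9", 40000, "192.168.1.20", 80)       # admin-opened service
    r = {}
    r["outbound_dns"] = fw.handle(out, now=0.0)
    r["dns_reply"] = fw.handle(reply, now=1.0)            # matches the state table
    r["unsolicited_smb"] = fw.handle(unsolicited, now=2.0)
    r["explicit_web"] = fw.handle(web, now=3.0)
    r["late_reply"] = fw.handle(reply, now=40.0)          # 39 s idle > 30 s timeout
    # Size limit: five outbound flows into a four-entry table evicts the first one.
    for i, port in enumerate(range(40001, 40006)):
        fw.handle(Packet("tcp", "192.168.1.10", port, "198.51.100.7", 443), now=50.0 + i)
    r["reply_to_evicted"] = fw.handle(Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 40001), now=55.0)
    r["reply_to_newest"] = fw.handle(Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 40005), now=55.0)
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} {verdict}")
```

The two last cases are the practical caveat behind "limited in both size and time duration": a reply that arrives after the entry has aged out, or after the table filled up and evicted it, is indistinguishable from an unsolicited inbound packet and is dropped, which is why long-idle connections on small consumer devices sometimes stall.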