 dangboy
join:2001-12-21 India
| RT311 and SPI
Hey there!!
Well, this is regarding a feature support on RT314.. whether this router supports SPI(Stateful Packet Inspection) or not..though the answer maybe NO, but I am looking into the filter setup and hence is there a way through which one can set up SPI with RT314....
Thanx for Your time and effort.. |
|
  SYNACK Just Firewall It Premium,Mod join:2001-03-05 Venice, CA
| For true stateful packet inspection, you need a ZyWALL.
SPI has become a highly misused buzzword and saying a router has SPI does not say much at all. NAT itself is very stateful by design; if menu 15 is blank, the LAN is protected from anything uninvited coming from the outside.
When people ask about "SPI", they usually have heard of such a checkbox somewhere in the configuration of the Linksys models. I still don't know what it does and why it is even necessary except for that SPI blurb in the shiny brochure.
Do you run servers? If you don't forward any ports in menu 15, you don't need SPI. If you run a server, you want the traffic and you don't need SPI.
(You might want DoS protection as e.g. in the ZyWALL series)
You can easily restrict access to your server using a set of packet filters. If you run a semi-private server, accessible only by a few friends, you are also quite safe.
True stateful inspection is useful in all cases where NAT protection is not present.
In summary, do you know what aspects of SPI you need, and why? With the invention of "ip antiprobe" in version 3.25, the router will pass any online scan with flying colors. What exactly do you want to filter? |
|
 dangboy
join:2001-12-21 India
| Thanx for ur reply..
Though it has not been a long time since I started going thru this site, but nonetheless ur quotes have been of much help to me...
One last thing I would like to know.. How do I prevent DOS attacks on RT314...
Thank You once again for ur effort...
I do appreciate!!! |
|
 dangboy
join:2001-12-21 India | reply to dangboy I Hope someone can answer this for me...
Anything regarding DoS attacks with the router would be sufficient enough to get me started to work on it....
Thanx again!!! |
|
  Rizal7 Best Cheater Wins
join:2001-02-21 Norway
| reply to dangboy DoS attacks is a very general term, but there is no mechanism in the RT series to cope with this. You can of course do some crude stuff with the packet filters, but that will only help against certain types of attacks.
Then you need to upgrade to something like the ZyWALL for example.
Rizal |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS | Would not DoS attacks also affect the person's ISP and thus become a bigger issue?? Unless running a business should the extra monies be spent for DoS etc...
Anav |
|
  Bobcat Premium join:2001-02-04 Bedminster, NJ
| reply to SYNACK said by SYNACK: When people ask about "SPI", they usually have heard of such a checkbox somewhere in the configuration of the Linksys models. I still don't know what it does and why it is even necessary except for that SPI blurb in the shiny brochure.
Well, this is what the User's Manual says:
"SPI (Stateful Packet Inspection) - This feature checks the state of of [sic] a packet to verify that the destination IP address matches the source IP of the original request. To use the firewall, click the Enable button; otherwise select Disable to use the NAT firewall."
But I don't know what that means. -- Without software, life itself would be impossible. Optimum Online; $29.95 per month; average speed 7200/900 kbps |
|
  SYNACK Just Firewall It Premium,Mod join:2001-03-05 Venice, CA | said by Bobcat: But I don't know what that means.
Ditto!  |
|
  DrTCP Yours truly Premium,ExMod 1999-04 join:1999-11-09 Round Rock, TX
| reply to Bobcat quote: "SPI (Stateful Packet Inspection) - This feature checks the state of of [sic] a packet to verify that the destination IP address matches the source IP of the original request. To use the firewall, click the Enable button; otherwise select Disable to use the NAT firewall."
That is a very inaccurate description of SPI. Here are two good pages discussing various forms of firewalls.
»www.avolio.com/apgw+spf.html »rr.sans.org/firewall/anatomy.php
BTW, PracticallyNetworked.com's definition of SPI lists some extra features found in SPI routers but they are not an explanation of SPI itself. There is a lot of misinformation regarding SPI in the market!
[text was edited by author 2002-01-23 17:01:36] |
|
  DrTCP Yours truly Premium,ExMod 1999-04 join:1999-11-09 Round Rock, TX
| reply to dangboy Here is another bogus description of SPI from Linksys:
»www.linksys.com/faqs/default.asp?fqid=35
quote: Q. What is Stateful Packet Inspection?
A. Stateful Packet Inspection (SPI) is a technology used in firewalls which instead of simply hiding an IP address from the internet, will look at each individual packet for information such as its source and destination addresses and protocol that is being used, in order to take certain actions based upon a set of pre-established criteria. SPI can be used to prevent DoS attacks, since the contents within the packet are known.
By this definition a packet filter that can filter in any field of the packet would qualify as SPI but it is not. |
|
  SYNACK Just Firewall It Premium,Mod join:2001-03-05 Venice, CA
| Here is the definition from the PC Magazine review:
(See thread »Broadband Review - PC Magazine )
SPI (stateful packet inspection) - A type of firewall that uses either a predefined or an editable rule set to determine whether packets are going to be forwarded or denied.
Here all the old packet filters would also qualify and you could make a case that menu 15 alone is SPI. hmmmm.... |
|
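Added example, not part of any post in this thread: a minimal Python sketch of the distinction DrTCP and SYNACK draw above, comparing a header-only packet filter with a filter that remembers which flows a LAN host opened. All names and the sample traffic are constructed for illustration; real stateful inspection also tracks TCP state, sequence numbers and timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN to WAN, "in" = WAN to LAN
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags, e.g. "S", "SA", "A"

def stateless_allow(p):
    """Header-only rule set (hypothetical): allow all outbound; allow inbound
    TCP that looks like a web reply (source port 80, ACK set). No memory."""
    if p.direction == "out":
        return True
    return p.sport == 80 and "A" in p.flags

class StatefulFilter:
    """Allow inbound traffic only when it matches a flow a LAN host opened."""
    def __init__(self):
        self.flows = set()

    def allow(self, p):
        if p.direction == "out":
            if p.flags == "S":  # new outbound connection: remember it
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        # inbound must be the mirror image of a recorded outbound flow
        return (p.dst, p.dport, p.src, p.sport) in self.flows

def compare(packets):
    """Return (index, stateless verdict, stateful verdict) for each packet."""
    sf = StatefulFilter()
    return [(i, stateless_allow(p), sf.allow(p)) for i, p in enumerate(packets)]

# Constructed sample traffic using documentation address ranges
SAMPLE = [
    Packet("out", "192.168.1.10", 40000, "198.51.100.5", 80, "S"),
    Packet("in", "198.51.100.5", 80, "192.168.1.10", 40000, "SA"),  # real reply
    Packet("in", "203.0.113.9", 80, "192.168.1.10", 40001, "A"),    # unsolicited
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The third packet satisfies every header condition of the stateless rule, so only the filter that keeps a flow table rejects it.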
  Bobcat Premium join:2001-02-04 Bedminster, NJ | reply to Bobcat Well, here's what someone said about SPI in the reply to the news articles: »/forum/news,14···#2409275 |
|