rchandra, reply to Bobcat, Re: SPI feature
Well, as you can tell, whoever wrote the Linksys documentation doesn't exactly have a firm grasp on English. The quote out of the docs implies it's the state of the packet that matters, and thus the confusion. Packets don't really have a state; they have a header and contents/payload. The state being referenced is the state of a network connection. SPI not only looks at the source and destination addresses (as in IP addresses) and ports (if applicable), but also monitors other attributes of a packet, such as TCP sequence numbers or some timer attached by the router to recently passed packets (often for ICMP or UDP, which are connectionless protocols). It is an enhancement to security because more about a packet has to "match up" before it is allowed to be passed through. It's therefore more likely to be a legit communication and less likely to be someone trying to sneak something past your router.
[edit] Oh, yeah... forgot practical application.
Let's say some random cracker is doing some packet sniffing and is waiting for the end of some mail session you have going, and wants to inject some packets for whatever reason back behind your firewall. S/he waits for the connection to close, then sends packets that look like they might belong with that data stream, so the router passes them back. If the router does SPI, it realizes you've already sent the packets for TCP connection shutdown, so it says, "no way, Jose". Usually it just drops the additional packets on the floor, or it may return some ICMP message, or in addition to dropping, it might log internally or to some computer (syslog packet, SNMP trap, etc.).
Or let's take another example: DoS. BlAcKHaTCrAcKeR that I am, I want to cause constant TCP RST responses in your communication, so I just inject packets with invalid TCP sequence numbers, thus causing the connection to be reset and terminated. An SPI firewall would refuse to let these out-of-bounds packets through. [text was edited by author 2002-02-04 23:35:30]
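As an added illustration of the connection-tracking logic this post describes (example code written for this page, not part of the original post or of any Linksys firmware), here is a toy SPI engine that drops packets arriving after the inside host has torn the stream down and packets whose sequence number falls outside the expected window; the addresses, ports and sequence numbers are constructed.

```python
# Added example (not from the post): a toy stateful packet inspection (SPI) engine.
# An inbound TCP segment is forwarded only if it matches a connection the inside host
# opened, that connection is not already torn down, and its sequence number falls in
# the expected window. Timers, ACK tracking, sequence wraparound, peer-initiated close
# and UDP/ICMP pseudo-state are omitted.
from dataclasses import dataclass
WINDOW = 65535  # assumed receive window for the in-window check

@dataclass
class Conn:
    state: str        # SYN_SENT, ESTABLISHED, FIN_WAIT or CLOSED
    next_seq_in: int  # next inbound sequence number expected from the peer

class SPIFirewall:
    def __init__(self):
        self.table = {}  # (inside ip, port, outside ip, port) -> Conn
    def outbound(self, src, sport, dst, dport, flags):
        key = (src, sport, dst, dport)
        if "SYN" in flags:
            self.table[key] = Conn("SYN_SENT", 0)  # inside host opens a connection
        elif "FIN" in flags and key in self.table:
            self.table[key].state = "FIN_WAIT"     # inside host starts the shutdown
        return "PASS"
    def inbound(self, src, sport, dst, dport, flags, seq, length=0):
        conn = self.table.get((dst, dport, src, sport))  # look up the reversed tuple
        if conn is None or conn.state == "CLOSED":
            return "DROP"  # unsolicited, or injected after the stream was shut down
        if conn.state == "SYN_SENT" and flags == {"SYN", "ACK"}:
            conn.state, conn.next_seq_in = "ESTABLISHED", seq + 1
            return "PASS"
        if conn.state == "SYN_SENT" or not conn.next_seq_in <= seq < conn.next_seq_in + WINDOW:
            return "DROP"  # wrong handshake reply, out-of-window data or a forged RST
        if "RST" in flags or ("FIN" in flags and conn.state == "FIN_WAIT"):
            conn.state = "CLOSED"
        conn.next_seq_in = max(conn.next_seq_in, seq + length + (1 if "FIN" in flags else 0))
        return "PASS"

def demo():
    # Replays the post's mail-session scenario and returns the verdict for each packet.
    fw = SPIFirewall()
    inside, peer = ("192.0.2.10", 40000), ("198.51.100.25", 25)  # constructed addresses
    out = lambda flags: fw.outbound(*inside, *peer, flags)
    inn = lambda flags, seq, n=0: fw.inbound(*peer, *inside, flags, seq, n)
    return [
        out({"SYN"}),               # PASS: state entry created
        inn({"SYN", "ACK"}, 1000),  # PASS: handshake completes
        inn({"ACK"}, 1001, 100),    # PASS: in-window data
        inn({"RST"}, 999_999_000),  # DROP: forged RST, sequence out of window
        out({"FIN", "ACK"}),        # PASS: inside host begins shutdown
        inn({"FIN", "ACK"}, 1101),  # PASS: peer's FIN completes the close
        inn({"ACK"}, 1102, 50),     # DROP: injected after the stream closed
    ]
```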