Networking stack flaws

Hi

I am an advanced computer user and I use eset smart security 3. I LOVE the anti virus and the firewall, even if it is a basic, is exactly what I need.

Now, I am protected in about all ways, but I want to know about flaws in ip or tcp protocols and networking stack.

What if a packet comes to my computer. Is ESS looking at it to see if it is completly valid? If yes what does it looks at? At the end, the tcp or udp payload will be analysed by the antivirus, but I want to know before. Some remote code exectutions in the networking stack of various os have been discovered in the last years and I wanted to know how ESS 3 protected me from that.

So is ess 3 looking at the ip and tcp header for unexpected data and maliciously (just unusual) crafted packets?? What it is looking at?

Thanks for your help

Alex

 

Hi Alex,

I did not complete my testing as I wanted to give Eset some time to resolve reported issues.
From the minimal tests I did make, which are from my own testing (not official).

This is filtering of returned packet from an outbound request/connection;-

TCP is being checked to IP/Ports, flag filtering to remove illegals, and various IDS interceptions(complete tests still to make)

UDP, I only looked at DNS (as I was looking for the problems with the DNS attack reports) This is checked to IP/Port, transaction ID, checked for size/ correct format of payload for protocol (unexpected data packet is dropped).

I will give it a few more weeks for Eset to sort out any problems, then will make full tests.

- Stem

 

THANKS!

Thank you for your answer! I was started to think that it was impossible to have an answer here...

Anyway, I still use ESS version 3 (the bugs of 4... and 3 works well so I don't see why I would change!) so... is the things you say are tested in the version 3 or is it different than version 4?

Thanks

Alex

 

Hi Alex,

I have just downloaded V3, so I will check it out and post back the info.


- Stem

 

Hi Alex,


I have just made some quick tests on V3 and the TCP UDP filtering are giving the same results.
The changes in V4 firewall appear more around the ARP and the extra modes. So you are OK.


- Stem

 

Wow! Thanks a lot for making all those tests! I would be able to do them myself, but I don't have the hardware I would love to have... I only have one pc (and I can't afford to install stuff for testing on this one...) ... I should get a cheap pc used only for testing stuff...

Anyway, If ESS is protecting me at the ip, tcp and udp packet header level (for maliciously crafted packets targeted at flaws in windows networking stack, even if they are still unknown...) I should be protected...

I mean, ESS protects for this, my router protects for inbound traffic and for some kind of attacks (spi firewall...), my av protects for viruses and noscript with firefox takes care of the payload of the http packet... The only way to infect me would be by using a unknown flaw in Firefox and also be able to disable all the security of vista (DEP, UAC and all that stuff)...

This, with a minimum ammount of intelligence will be able to prevent all problems