connection limit for SPI

Discussion in 'LnS English Forum' started by hojtsy, Jun 15, 2004.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    What happens when the number of connections reaches the limit set for TCP Stateful Packet Inspection? Are new connections denied, or totally unchecked, or unchecked by SPI, or...?
    -hojtsy-
     
  2. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    My log files indicate that these new connections are blocked. But I am not 100% sure though....

    Thomas :)
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    the new connections are completely blocked, which is not so good if you are browsing or anything else, unfortunately.

    regards,

    gkweb.
     
  4. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Does the SPI limit include connections that are listening, time wait, etc or is it just for established connections?
     
  5. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Is there any benefit of having SPI if you are behind a hardware firewall such as the one built into better ADSL modems?
    -hojtsy-
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    in my opinion, if the hardware you use already has SPI, it will only let legitimate connection flows pass, and a second SPI would have nothing to filter.

    regards,

    gkweb.
     
  7. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Actually I am not sure if the hardware FW has SPI. Any sites/software to test this?
    -hojtsy-
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    if you try an online website scan with your personal firewall disabled, and your ports are closed and/or stealth, then I guess your hardware modem is doing some NAT/SPI; if not, then I would say it does not.

    I'm not sure if it's 100% reliable but that would be a clue.

    regards,

    gkweb.
     
  9. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Of course it does NAT. But as far as I know NAT only does a small subset of SPI. So I need a SPI specific tester site which sends all kinds of invalid packets.
    -hojtsy-
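As an added illustration (not Look 'n' Stop code, and not anything the posters wrote), here is a toy Python model of the two points raised in this thread: gkweb's report in post 3 that new connections are blocked outright once the SPI connection limit is reached, and hojtsy's point in post 9 that a NAT mapping covers only a small part of what a stateful inspector checks. The state machine is a deliberately simplified TCP tracker (SYN opens a slot, SYN/ACK must answer a pending SYN, a bare ACK needs existing state, FIN/RST frees the slot), the addresses and ports are constructed, and the block-rather-than-bypass behaviour at the limit is taken from the thread, not from any vendor documentation.

```python
"""Toy stateful packet inspection (SPI) table with a hard connection limit.

Added example, not Look 'n' Stop's implementation. It shows the behaviour the
thread describes: once the limit is hit, a new SYN is BLOCKED rather than let
through uninspected, and a packet with no matching flow state is blocked even
though a plain NAT translation table would never look at its TCP flags.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

FlowKey = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset            # subset of {"SYN", "ACK", "FIN", "RST"}


@dataclass
class SpiTable:
    """TCP flow table capped at max_connections (assumed semantics, per the thread)."""
    max_connections: int
    flows: Dict[FlowKey, str] = field(default_factory=dict)   # key -> state
    log: List[str] = field(default_factory=list)

    def _lookup(self, pkt: Packet) -> Tuple[Optional[FlowKey], Optional[str]]:
        # A flow is recorded under the originator's direction; match either way.
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.flows:
            return fwd, self.flows[fwd]
        if rev in self.flows:
            return rev, self.flows[rev]
        return None, None

    def _block(self, pkt: Packet, reason: str) -> str:
        self.log.append(f"BLOCK {pkt.src}:{pkt.sport}->{pkt.dst}:{pkt.dport} ({reason})")
        return "BLOCK"

    def inspect(self, pkt: Packet) -> str:
        key, state = self._lookup(pkt)
        f = pkt.flags
        if "RST" in f or "FIN" in f:
            if key is None:
                return self._block(pkt, "FIN/RST with no matching flow")
            del self.flows[key]                  # teardown frees a slot
            return "ALLOW"
        if "SYN" in f and "ACK" not in f:        # new connection attempt
            if key is not None:
                return "ALLOW"                   # retransmit of a known flow
            if len(self.flows) >= self.max_connections:
                return self._block(pkt, "connection limit reached")
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = "SYN_SENT"
            return "ALLOW"
        if "SYN" in f and "ACK" in f:            # handshake reply
            if state != "SYN_SENT":
                return self._block(pkt, "unsolicited SYN/ACK")
            self.flows[key] = "ESTABLISHED"
            return "ALLOW"
        if key is None:                          # bare ACK or data, no state
            return self._block(pkt, "packet without connection state")
        return "ALLOW"


def run_scenario() -> Tuple[List[str], List[str]]:
    """Constructed traffic: two full handshakes, a third SYN over the limit,
    a stray inbound ACK, then a FIN that frees a slot for the third client."""
    spi = SpiTable(max_connections=2)
    syn, synack, ack, fin = (frozenset(s) for s in
                             ({"SYN"}, {"SYN", "ACK"}, {"ACK"}, {"FIN", "ACK"}))
    client, server = "10.0.0.2", "203.0.113.10"      # constructed addresses
    decisions = []
    for port in (40001, 40002):
        decisions.append(spi.inspect(Packet(client, port, server, 80, syn)))
        decisions.append(spi.inspect(Packet(server, 80, client, port, synack)))
        decisions.append(spi.inspect(Packet(client, port, server, 80, ack)))
    decisions.append(spi.inspect(Packet(client, 40003, server, 80, syn)))       # over limit
    decisions.append(spi.inspect(Packet("198.51.100.7", 1234, client, 40001, ack)))  # no state
    decisions.append(spi.inspect(Packet(client, 40001, server, 80, fin)))       # frees slot
    decisions.append(spi.inspect(Packet(client, 40003, server, 80, syn)))       # now admitted
    return decisions, spi.log


if __name__ == "__main__":
    verdicts, log = run_scenario()
    print(verdicts)
    print("\n".join(log))
```

Two things are worth noticing when running it. The third SYN is not passed along uninspected when the table is full; it is dropped and logged, which is exactly what makes a browsing session stall the way gkweb describes. And the stray ACK aimed at an in-use client port is refused because no flow matches it, a decision that depends on TCP state and flags rather than on an address-translation entry, which is the part of SPI that NAT alone does not give you.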
     
  10. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I was placing NAT/SPI as equal because I have in mind the Netfilter firewall, which is very good in both areas.

    But if you want a complete SPI, only an IDS I think can satisfy you (Snort is very good IMO and is available for Windows).

    Maybe you could try a scan at http://www.securityspace.com/smysecure/index.html
    which is a vulnerability scanner, but I'm not sure it would help you anyway.
    I don't know of websites sending bogus packets on purpose.

    regards,

    gkweb.
     