connection limit for SPI

Discussion in 'LnS English Forum' started by hojtsy, Jun 15, 2004.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    What happens when the number of connections reaches the limit set for TCP Stateful Packet Inspection? Are new connections denied, or totally unchecked, or unchecked by SPI, or...?
    -hojtsy-
     
  2. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    My log files indicate that these new connections are blocked. But I am not 100% sure though....

    Thomas :)
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    the new connections are completely blocked, which is not so good if you are browsing or anything else, unfortunately.

    regards,

    gkweb.
     
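    An added illustrative model of the behaviour gkweb describes (constructed for this thread, not Look 'n' Stop's code): a small stateful table with a connection cap that drops a new inbound SYN once the cap is reached instead of passing it unchecked. It assumes, as a modelling choice, that only established flows count toward the limit while TIME_WAIT entries do not.

    ```python
    from dataclasses import dataclass, field

    # Constructed, simplified model of a TCP state table with a connection cap.
    # It is not Look 'n' Stop's implementation; it only illustrates the
    # "table full => new connection blocked" behaviour described above.

    ESTABLISHED = "ESTABLISHED"
    TIME_WAIT = "TIME_WAIT"


    @dataclass
    class SpiTable:
        limit: int
        flows: dict = field(default_factory=dict)   # (src, dst, sport, dport) -> state
        dropped: list = field(default_factory=list)

        def active_count(self) -> int:
            # Assumption of this model: only ESTABLISHED flows consume a slot;
            # TIME_WAIT entries are kept for late packets but are not counted.
            return sum(1 for s in self.flows.values() if s == ESTABLISHED)

        def inbound(self, key, flags: str) -> str:
            """Decide for one packet: 'allow', 'drop-limit' or 'drop-nostate'."""
            if key in self.flows:
                if "F" in flags:                 # FIN: the flow winds down
                    self.flows[key] = TIME_WAIT
                return "allow"
            if flags == "S":                     # new connection attempt
                if self.active_count() >= self.limit:
                    self.dropped.append(key)     # table full: blocked, not passed unchecked
                    return "drop-limit"
                self.flows[key] = ESTABLISHED
                return "allow"
            # a non-SYN packet with no matching flow is bogus under SPI
            return "drop-nostate"


    def demo():
        """Constructed packet sequence against a table capped at two flows."""
        t = SpiTable(limit=2)
        f0 = ("10.0.0.1", "10.0.0.9", 40000, 80)
        f1 = ("10.0.0.2", "10.0.0.9", 40001, 80)
        f2 = ("10.0.0.3", "10.0.0.9", 40002, 80)
        results = [t.inbound(f0, "S"), t.inbound(f1, "S"), t.inbound(f2, "S")]
        results.append(t.inbound(f0, "FA"))      # f0 closes -> TIME_WAIT, slot freed
        results.append(t.inbound(f2, "S"))       # third flow now fits under the cap
        results.append(t.inbound(("10.0.0.4", "10.0.0.9", 40003, 80), "A"))  # stray ACK
        return results, t.active_count()
    ```
    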
  4. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Does the SPI limit include connections that are listening, time wait, etc or is it just for established connections?
     
  5. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Is there any benefit of having SPI if you are behind a hardware firewall such as the one built into better ADSL modems?
    -hojtsy-
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    in my opinion, if the hardware you use already has SPI, it will only let legitimate connection flows pass, and a second SPI would have nothing to filter.

    regards,

    gkweb.
     
  7. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Actually I am not sure if the hardware FW has SPI. Any sites/software to test this?
    -hojtsy-
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    if you try an online website scan after disabling your personal firewall, and your ports are closed and/or stealth, then I guess your hardware modem is doing some NAT/SPI; if not, then I would say it does not.

    I'm not sure if it's 100% reliable but that would be a clue.

    regards,

    gkweb.
     
  9. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Of course it does NAT. But as far as I know NAT only does a small subset of SPI. So I need a SPI specific tester site which sends all kinds of invalid packets.
    -hojtsy-
     
  10. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I was placing NAT/SPI as equal because I have in mind the Netfilter firewall, which is very good in both areas.

    But if you want a complete SPI, only an IDS, I think, can satisfy you (Snort is very good IMO and is available for Windows).

    Maybe you could try a scan at http://www.securityspace.com/smysecure/index.html
    which is a vulnerability scanner, but I'm not sure it would help you anyway.
    I don't know of websites that send bogus packets on purpose.

    regards,

    gkweb.
     