Firewall, SPI ...

Discussion in 'ESET Smart Security' started by guest, Apr 8, 2009.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Just wondering... If I set a rule in ESS that is only for outgoing connections, what aspects of incoming packets does the firewall look at to see if they are part of an existing one? The IP? The port numbers? The sequence number?...

    Also, not about ESS, but I have some NAT routers with SPI... If I understand, they check the IP, the ports and the sequence number of a connection to see if it is valid, right? Is it the same thing as using ESS in automatic mode? (of course without the virus protection...)

    Thanks

    Alex
     
  2. guest

    guest Guest

    nobody knows o_O...
     
  3. wrathchild

    wrathchild Registered Member

    Joined: Feb 7, 2008 | Posts: 170 | Location: Neoplantesis
    From what I saw here, you'll hardly receive any technical answers (from developers or mods) regarding the firewall in ESS.
    I guess the firewall in ESS doesn't have SPI (stateful packet inspection) capability.
     
  4. guest

    guest Guest

    Wow... no technical answers in the official ESET forum... o_O Any reason for that? It seems to be THE place for it?

    Anyway... I think I will be looking to buy another firewall...
     
  5. wrathchild

    wrathchild Registered Member

    Joined: Feb 7, 2008 | Posts: 170 | Location: Neoplantesis
    Well, not always, but usually there are no straight answers to tough questions (you can browse through older posts and see for yourself :cool: )

    If you look for a firewall without hard-coded rules, that's a good move.
     
  6. guest

    guest Guest

    Well, actually, ESS does have a lot of sort of hard-coded rules, but they can be disabled (not deleted).

    Anyway... I don't think my question is very tough... I mean... How does the firewall know that a packet is part of an existing connection (in the case of an outgoing only rule)...

    There are 3 options! It could be looking at the port only, performing a sort of port translation. So everything that comes back to that port is believed to be part of this connection...

    It could also look at the IP... But in that case, only 1 application would be able to access a particular IP at a given time...

    So... It could be using both... is it that?

    And for the SPI... it is not very hard again... Does it include a kind of SPI? Yes or no...

    Anyway...

    Thanks
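
The matching options raised in the last post, plus the sequence-number check from the first post, as an added example that is not part of the thread and is not ESS or router code; it makes no claim about what ESS does. The `ConnTable` class, the addresses, ports, sequence numbers and the 65535-byte window are constructed assumptions.

```python
from collections import namedtuple

# Constructed packets; addresses are from the RFC 5737 documentation ranges.
Pkt = namedtuple("Pkt", "proto src sport dst dport seq")
LOCAL, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.9"

class ConnTable:
    """Hypothetical state table built from an 'outgoing only' rule."""
    WINDOW = 65535  # assumed receive window for the sequence check

    def __init__(self):
        self.flows = {}  # outbound 5-tuple -> next sequence number expected from remote

    def outbound(self, p, remote_seq):
        # remote_seq is assumed to have been learned from the handshake reply.
        self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = remote_seq

    def port_only(self, p):   # option 1: any packet to a local port in use
        return any(k[2] == p.dport for k in self.flows)

    def ip_only(self, p):     # option 2: any packet from a contacted remote IP
        return any(k[3] == p.src for k in self.flows)

    def five_tuple(self, p):  # option 3: protocol, both IPs and both ports
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows

    def stateful(self, p):    # 5-tuple plus sequence number inside the window
        exp = self.flows.get((p.proto, p.dst, p.dport, p.src, p.sport))
        return exp is not None and (p.seq - exp) % 2**32 < self.WINDOW

def evaluate():
    t = ConnTable()
    t.outbound(Pkt("tcp", LOCAL, 50000, SERVER, 443, 1000), remote_seq=7000)
    inbound = {
        "genuine reply":         Pkt("tcp", SERVER, 443, LOCAL, 50000, 7000),
        "other host, same port": Pkt("tcp", OTHER, 443, LOCAL, 50000, 7000),
        "same host, other port": Pkt("tcp", SERVER, 8080, LOCAL, 50001, 7000),
        "right tuple, bad seq":  Pkt("tcp", SERVER, 443, LOCAL, 50000, 7000 + 10_000_000),
    }
    checks = ("port_only", "ip_only", "five_tuple", "stateful")
    return {name: {c: getattr(t, c)(p) for c in checks} for name, p in inbound.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:24} {verdicts}")
```

Only the genuine reply passes every check; each looser match accepts at least one of the other three packets.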
     