FNFirewall Leak test results

Discussion in 'other firewalls' started by Tronix74, Feb 22, 2008.

Thread Status:
Not open for further replies.
  1. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    Has anyone used the FNApp called FNFirewall for the KillerNIC card? It works differently than most firewalls as it's main portion runs from a Linux kernal directly on the NIC card. Has anyone used any leak tests to see how well the application is able to hold up to the latest security tests?
    Thanks!
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Leaktest are normally a test made against the OS (dll injection, memory access, OLE control, etc)
    Such a firewall within a NIC, I would actually see as a remote/external firewall to the OS.(similar to the firewall within a router), so cannot see how such an implementation could intercept leaktests.

    Having a firewall within the NIC is not something new, as example, 3com did this a number of years ago
     
  3. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    I believe there is a small client that runs on the users PC that communicates with the firewall. That allows the firewall to open ports as necessary. I was just curious to know if that small client is able to intercept connection attempts by these leak-tester programs.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You would be looking at something similar to uPnP, which would only be a simple control of open/close inbound ports. I would expect full access via console or via browser (as with a router) to create/edit rules (or enable/disable certain filters)

    I know there are applications (external firewall with internal control) that will pass such as PID (of the program running/ allowed internet) but that can defeat the object of having better/faster connection speed.

    I would like to get this hardware (or similar) to look at. What I have seen (on web), the reports vary, from good to bad.

    But no, you really need a "on OS" HIPS type function to prevent "leaks" (even if this info was to be passed on to an external firewall)
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Indeed.
    AFAIK, the Killer NIC installs a NDIS driver which redirects traffic to the embedded Linux OS. By default, iptables (Linux firewall) allows all outbound communications.
     
  6. Tronix74

    Tronix74 Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    31
    What this sounds like is basically the KillerNIC is allowing the computers to hook up outside a router-protected network (possibly in the DMZ of the network) for the sole purpose of getting a faster internet connection. This may have the downside then of preventing the user from being able to detect malware on their system which may try to send information surreptitiously.

    I can see the usefulness of such a feature however unless the user can use a HIPS program in conjunction with the KillerNIC (which I think is impossible because it bypasses the windows kernel-level drivers), this could create a serious security risk for the user.

    I'll check on their forums to find out how well (if at all) their program plays with software-based firewall software.
     
Thread Status:
Not open for further replies.