New PC Tools firewall with local proxy support

Discussion in 'other firewalls' started by MGhell, Feb 27, 2008.

Thread Status:
Not open for further replies.
  1. MGhell

    MGhell Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    14
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I see they are back to "lose terms" of SPI again.

    Maybe the direct question of "What packet filtering capability is within the firewall" should be asked?

    I find terminology differs from Vendor to Vendor, with none appearing to give full information, then it is needed to actually set up/check such statements (to check SPI implementation). It can be time consuming to check, with non-direct reply from vendor of findings.
     
  3. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Considering that PCTools is a fork of LnS, I doubt that it has pseudo stateful UDP either.
     
  4. MGhell

    MGhell Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    14
    What does that mean? Is SPI of the Pc Tools Firewall and/or LnS flawed?

     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For LnS see this post

    PC tools firewall put forward its own implementation of SPI
    This statement in itself is flawed (unless the statement is incomplete), just due to correct connection (Handshake) does not then mean spoofed attempts will not be made. SPI (packet filtering) will normally consist of checks on each TCP packets sequence number to check it is part of current connection.
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I believe the Pseudo stateful UDP in LnS is limited to a few services. It will not help with Skype to Skype NAT piercing without going through a Skype server.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The thread is for PC tools firewall, that is why I simply placed a link for explanation of the implementation by LnS. Please start a new thread for off topic subjects (I will certainly join discussion on LnS new SPF).

    TIA,
    Stem
     
  8. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    The old Sygate on-line scanner included a test as to whether
    or not your FW was using actual SPI, or just filtering by rules. I
    don't have enough tech skills to understand how that test worked,
    but I know it did, because I ran some stateless FWs against it.
    Is there anything like that available at present to test PC Tools FW?
    If so, can the scope of the SPI be determined?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Various scans can determine how ports are filtered (so what type of firewall), this can be done with nmap.

    I normally go the long route when checking, and send constructed packets to ports used by (for example) the browser, I can then find to what level the firewall filters packets (out of sequence/ invalids flags etc).
     
  10. nhamilton

    nhamilton Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    61
    The only difference between the SPI in LnS and PC Tools Firewall is that LnS has a fixed size list, so if you reach that you can not accept any new connections. PCTools one is dynamic. The post you refer to has no mention of SPI that I could see. They do refer Stateful Packet Filtering rules, which is different to SPI. PC Tools does have some of those, like disallow fragmented packets. It could expand on that I guess.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I would certainly like to see your test results for SPI within PC tools.
    The link was in respect to the pseudo state filtering of ICMP/UDP (I should of linked MGhell question with Diver reply)

    If you have knowledge of the packet filtering of PC tools firewall, please put these details forward, I will then check.
     
Loading...
Thread Status:
Not open for further replies.