New PC Tools firewall with local proxy support

Read about it here:

http://www.pctools.com/forum/showthread.php?t=50784

 

I see they are back to "lose terms" of SPI again.

Maybe the direct question of "What packet filtering capability is within the firewall" should be asked?

I find terminology differs from Vendor to Vendor, with none appearing to give full information, then it is needed to actually set up/check such statements (to check SPI implementation). It can be time consuming to check, with non-direct reply from vendor of findings.

 

Considering that PCTools is a fork of LnS, I doubt that it has pseudo stateful UDP either.

 

What does that mean? Is SPI of the Pc Tools Firewall and/or LnS flawed?

 

For LnS see this post

PC tools firewall put forward its own implementation of SPI

This statement in itself is flawed (unless the statement is incomplete), just due to correct connection (Handshake) does not then mean spoofed attempts will not be made. SPI (packet filtering) will normally consist of checks on each TCP packets sequence number to check it is part of current connection.

 

I believe the Pseudo stateful UDP in LnS is limited to a few services. It will not help with Skype to Skype NAT piercing without going through a Skype server.

 

The thread is for PC tools firewall, that is why I simply placed a link for explanation of the implementation by LnS. Please start a new thread for off topic subjects (I will certainly join discussion on LnS new SPF).

TIA,
Stem

 

The old Sygate on-line scanner included a test as to whether
or not your FW was using actual SPI, or just filtering by rules. I
don't have enough tech skills to understand how that test worked,
but I know it did, because I ran some stateless FWs against it.
Is there anything like that available at present to test PC Tools FW?
If so, can the scope of the SPI be determined?

 

Various scans can determine how ports are filtered (so what type of firewall), this can be done with nmap.

I normally go the long route when checking, and send constructed packets to ports used by (for example) the browser, I can then find to what level the firewall filters packets (out of sequence/ invalids flags etc).

 

The only difference between the SPI in LnS and PC Tools Firewall is that LnS has a fixed size list, so if you reach that you can not accept any new connections. PCTools one is dynamic. The post you refer to has no mention of SPI that I could see. They do refer Stateful Packet Filtering rules, which is different to SPI. PC Tools does have some of those, like disallow fragmented packets. It could expand on that I guess.

 

I would certainly like to see your test results for SPI within PC tools.

The link was in respect to the pseudo state filtering of ICMP/UDP (I should of linked MGhell question with Diver reply)

If you have knowledge of the packet filtering of PC tools firewall, please put these details forward, I will then check.