Stateful Packet Inspection & DoS Attacks?

Discussion in 'other firewalls' started by siberianwolf, Nov 10, 2010.

Thread Status:
Not open for further replies.
  1. siberianwolf (Registered Member; joined Feb 15, 2009; 516 posts)

    When I activate the SPI in my router, problems arise.
    Many web pages stop responding a few minutes after I start browsing them, and when I refresh the page, a "DNS cache error" warning appears at the bottom left of the browser whenever I press F5, then disappears.
    But if I disable the SPI and DoS attack feature, those websites that persistently stop responding start to respond,
    and my browsing session gets drastically faster.
    What am I supposed to do? I know I should keep them on, but if I keep them on, I have these issues. If I don't, my PCs become open to the whole WWW.
    I'm stuck, waiting for your help.
    Thanks.

    Here's what I'm talking about:
    http://kb.netgear.com/app/answers/detail/a_id/1178

  2. siberianwolf (Registered Member; joined Feb 15, 2009; 516 posts)

    Any ideas, folks?

  3. swami (Registered Member; joined Mar 24, 2006; 167 posts)

    I'd turn them off. If your router is in routing mode, not bridged, all the packets coming to the computer must have been asked for by it. Thus the router already drops packets that were not asked for.
    DoS attacks are also quite unlikely at home.
    I don't think you gain anything security-wise.

  4. funkydude (Registered Member; joined Apr 5, 2004; 6,855 posts)

    You state you have 2 options, SPI & DoS. It is highly unlikely a home user will be DoS/DDoS'd, and even if he/she was, in most cases you can just reset the router for a new IP, which most people would do if their internet was slow anyway.

    I've always recommended turning off DoS features in routers if possible, as they generally just cause false positives, especially with online games that spray lots of UDP packets.

    Anyway, try it with SPI on and DoS off.

  5. JuanP1000 (Registered Member; joined Aug 25, 2010; 43 posts)

    Unless you are running a webserver and have a static IP at home, I would keep it on... otherwise, as others have told you, turn it off and rely on your firewall.

  6. siberianwolf (Registered Member; joined Feb 15, 2009; 516 posts)

    Thank you so very much for your answers, guys.
    @swami:
    Not in bridge mode, just routing.

    @funkydude:
    Dude, unfortunately I can't turn them on or off separately. It's either both turned on or both turned off, a single option. In this case, what would you recommend?

    @JuanP1000:
    I don't use firewall software, since I've been relying on the router's firewall capabilities for a long time. So in this case, what should I do?

    Thanks.

  7. Kerodo (Registered Member; joined Oct 5, 2004; 7,786 posts)

    A simple NAT router will drop all unsolicited inbound by default, whether or not you have its additional firewall on or off. I'd just turn it off and rely on NAT. You really don't need anything else...

  8. siberianwolf (Registered Member; joined Feb 15, 2009; 516 posts)

    Thank you, Kerodo. So what you're saying is that if NAT is on (how do we know if it's on and fully working, by the way? Because I haven't altered the default settings, so does this mean NAT is on and fully on duty anyway, as you say?), even if I don't use firewall software, it's OK?
    If I turn them off, wouldn't it make my PC fully visible to the whole WWW and the websites I browse, giving all my privacy away or something? I mean, if I turn them off, when I take the firewall test at Gibson Research Co.'s website (GRC), it warns me and says I'm completely visible and not safe.
    Wouldn't I be revealing all my info, real IP, etc. if I turn them off?
    I'm just curious and don't want to throw security away just for this. Thanks a lot.

    And here's what it looks like:

    Attached file: 1.JPG (76.3 KB)
    Last edited: Nov 11, 2010
  9. funkydude (Registered Member; joined Apr 5, 2004; 6,855 posts)

    NAT is generally on by default.
    If you wish to keep SPI off, you'll most likely be fine. I recommend you turn on the Windows Firewall though; it's simple, and doesn't moan at you constantly about every little thing.

    Alternatively, you could try enabling SPI and disabling the fragmented packets option and see if that works for you.

  10. siberianwolf (Registered Member; joined Feb 15, 2009; 516 posts)
    Last edited: Nov 12, 2010
  11. siberianwolf (Registered Member; joined Feb 15, 2009; 516 posts)

    It seems increasing the value for "maximum incomplete TCP/UDP sessions number from same host" in the router firewall settings kinda solves the image display problems, but the problem mainly persists.

    Last edited: Nov 12, 2010
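The three behaviours the thread circles around can be modelled in a few lines: plain NAT already dropping unsolicited inbound packets (Kerodo's and swami's point), a per-remote-host cap on incomplete TCP sessions starving a browser that opens many image connections to one site at once (the last post's observation), and a UDP flood heuristic tripping on a game server's reply stream (funkydude's warning). The following is an added Python example written for this page; it is not router firmware and not code from any poster. The StatefulRouter class, its two knobs, the scenario functions, the addresses and the packet counts are all hypothetical and constructed for illustration.

```python
from collections import Counter

# Constructed LAN client, web site and scanner addresses for the scenarios.
LAN, SITE, SCANNER = "192.168.1.10", "203.0.113.20", "198.51.100.7"


def pkt(proto, src, sport, dst, dport, direction, flags=()):
    """Minimal packet record. direction is "out" (LAN->WAN) or "in" (WAN->LAN)."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "direction": direction, "flags": frozenset(flags)}


class StatefulRouter:
    """Toy model of a home router's connection table (hypothetical, not vendor code).

    max_incomplete: cap on half-open TCP sessions (SYN sent, no SYN/ACK yet)
        towards one remote host, standing in for the "maximum incomplete
        TCP/UDP sessions from same host" setting. None = no cap, plain NAT.
    udp_limit: cap on inbound UDP packets accepted from one remote host,
        a crude stand-in for a "UDP flood" DoS detector. None = disabled.
    """

    def __init__(self, max_incomplete=None, udp_limit=None):
        self.table = {}            # flow key -> "half_open" | "established"
        self.max_incomplete = max_incomplete
        self.udp_limit = udp_limit
        self.udp_seen = Counter()  # remote host -> inbound UDP packets counted
        self.drops = []            # (reason, flow key), for inspection

    @staticmethod
    def _flow(p):
        # Both directions of one conversation map to the same key:
        # (proto, lan_ip, lan_port, remote_ip, remote_port)
        if p["direction"] == "out":
            return (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])
        return (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])

    def _half_open_to(self, remote):
        return sum(1 for (proto, _, _, r, _), st in self.table.items()
                   if proto == "tcp" and r == remote and st == "half_open")

    def handle(self, p):
        """Return True if the packet is forwarded, False if dropped."""
        key = self._flow(p)
        remote = key[3]
        if p["direction"] == "out":
            is_syn = p["proto"] == "tcp" and "SYN" in p["flags"] and "ACK" not in p["flags"]
            if is_syn:
                if (self.max_incomplete is not None
                        and self._half_open_to(remote) >= self.max_incomplete):
                    self.drops.append(("too_many_incomplete", key))
                    return False
                self.table[key] = "half_open"
            elif key not in self.table:
                self.table[key] = "established"  # UDP, or TCP already in progress
            return True
        # Inbound from the WAN: the DoS heuristic runs before the state lookup,
        # so it can drop replies the LAN side legitimately asked for.
        if p["proto"] == "udp" and self.udp_limit is not None:
            self.udp_seen[remote] += 1
            if self.udp_seen[remote] > self.udp_limit:
                self.drops.append(("udp_flood", key))
                return False
        st = self.table.get(key)
        if st is None:
            self.drops.append(("unsolicited_inbound", key))  # plain NAT does this
            return False
        if p["proto"] == "tcp" and p["flags"] >= {"SYN", "ACK"}:
            self.table[key] = "established"  # handshake completed
        return True


def scenario_plain_nat():
    """NAT only: the reply to our SYN passes, a port scan from the WAN does not."""
    r = StatefulRouter()
    out = r.handle(pkt("tcp", LAN, 50000, SITE, 80, "out", ["SYN"]))
    back = r.handle(pkt("tcp", SITE, 80, LAN, 50000, "in", ["SYN", "ACK"]))
    scan = r.handle(pkt("tcp", SCANNER, 4444, LAN, 445, "in", ["SYN"]))
    return out, back, scan


def scenario_parallel_images(limit, n_connections=8):
    """A browser opens n connections to one site at once (images, scripts) and
    none has completed yet. Returns how many SYNs the router lets out."""
    r = StatefulRouter(max_incomplete=limit)
    return sum(r.handle(pkt("tcp", LAN, 50000 + i, SITE, 80, "out", ["SYN"]))
               for i in range(n_connections))


def scenario_game_udp(limit, n_packets=50):
    """A game client says hello once, then the server streams updates back.
    Returns how many of the inbound updates reach the LAN."""
    r = StatefulRouter(udp_limit=limit)
    r.handle(pkt("udp", LAN, 27015, SITE, 27015, "out"))
    return sum(r.handle(pkt("udp", SITE, 27015, LAN, 27015, "in"))
               for _ in range(n_packets))
```

Calling scenario_plain_nat() shows the NAT table alone admitting the solicited SYN/ACK and refusing the scan, with no SPI or DoS knob involved. scenario_parallel_images(4) lets only 4 of 8 outbound connections through while scenario_parallel_images(None) passes all 8, which is the broken-images symptom and why raising the per-host limit helps. scenario_game_udp(20) delivers 20 of 50 game updates and silently drops the rest even though the LAN client asked for them; that is the false positive the thread recommends avoiding by leaving DoS detection off.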