Why install a firewall?

Discussion in 'other firewalls' started by nhamilton, Sep 29, 2009.

Thread Status:
Not open for further replies.
  1. ssj100

    ssj100 Guest

    Hey Sully:

    I'm not quite sure how high this possibility is and it would be unlikely caused by a purposeful malicious attack.

    Again, I am still at a loss when it comes to packet filtering, spoofing protection etc.

    Stem says that a firewall with proper packet filtering or whatever can "keep junk out". So what are the realistic benefits of this? From the cryptic language (to me anyway haha), I'd say this:
    1. Possibly prevents loss of internet
    2. Increases the efficiency of your internet connection? Faster download/upload speeds maybe? Really?
    3. Security benefits? On a home LAN with a good security "setup" and "approach"? I doubt it.
     
  2. wat0114

    wat0114 Guest

    Benefits or being necessary for home use? Who knows how important or necessary it is. The point is if a vendor is going to advertise spi, whether it be a router or software fw vendor, is it not reasonable to expect the spi functionality to at least work in an acceptable manner, even if it's not required for home security? After all, you are paying for that "feature", so it should work effectively and not half-arsed. Even the built-in Windows firewall checks TCP flags better than most 3rd party products.
     
  3. ssj100

    ssj100 Guest

    Thanks for the reply wat0114, but I was just relating the discussion back to the original thread topic haha.
     
  4. wat0114

    wat0114 Guest

    Oh well, I figured the filtering benefits or lack thereof is somehow related to the topic.
     
  5. ssj100

    ssj100 Guest

    And the question I still have is whether the benefits are really worthwhile, or whether they can actually cause harm? I've been reading that with SPI enabled (and I'm still really struggling to get a good understanding of what exactly SPI is...someone please clarify again if they can be bothered haha), much higher ping levels (e.g. in online gaming) are observed.

    Are there any other potential harms? Or are there no harms at all if configured properly?
     
  6. wat0114

    wat0114 Guest

    There's a pretty good article here dated 2003 that I found seems to explain it well without getting into too much technical detail. She compares the advantages and disadvantages of the different filtering techniques. IMO if one has a basic understanding of packet filtering and protocols involved, as well as the security implications on them, then it is easier to form an opinion - pro or con - on whether a firewall is necessary. I would maintain that for home use nothing special is likely required, if at all (a home-grade, NAT firewalled router should be considered a must, imo), especially if you're sitting behind a serious ISP. For enterprise it's a totally different story altogether.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Because it only involves TCP, the article might read easier when you have an understanding of the information available in the header flags

    see http://www.daemon.org/tcp.html

    Sequence Number/Acknowledge number
    In a sliding window protocol like TCP, the sequence number allows both TCP stacks to know what packets have been received and which ones have not. Say for instance I get mail messages 1,2,3,5,6,7,8,9, and 10 from you when I know you are sending 10 messages. If you numbered each of your messages, I can look through and see that I do not have message number 4, and I can tell you to send me another copy of that. The sequence number works very much like this, as well as to allow for a little security so that other users cannot easily break into the middle of your connection and continue where you left off.
     
    Last edited: Nov 4, 2009
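
Added example (not part of the original thread or of any product discussed in it): a simplified Python model of the receiver-side sequence tracking described in the post above, using the post's "messages 1 to 10 with number 4 missing" case. The `Receiver` class, its `window` parameter and the one-byte "messages" are assumptions made for illustration; real TCP stacks and SPI firewalls track considerably more state.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class Receiver:
    """Toy receiver-side sequence tracking (constructed for illustration)."""

    def __init__(self, initial_seq, window):
        self.next_expected = initial_seq % MOD  # next in-order byte wanted
        self.window = window                    # bytes we are willing to accept
        self.buffered = {}                      # out-of-order data: seq -> length

    def accept(self, seq, length):
        """Classify a segment: in-order, buffered, duplicate or rejected."""
        offset = (seq - self.next_expected) % MOD
        if offset >= self.window:
            # Not inside the receive window: either data we already have,
            # or a sequence number unrelated to this connection's state.
            behind = (self.next_expected - seq) % MOD
            return "duplicate" if behind <= self.window else "rejected"
        if offset > 0:
            self.buffered[seq] = length         # arrived early, hold it
            return "buffered"
        self.next_expected = (seq + length) % MOD
        # Drain buffered segments that have now become contiguous.
        while self.next_expected in self.buffered:
            length = self.buffered.pop(self.next_expected)
            self.next_expected = (self.next_expected + length) % MOD
        return "in-order"

    def missing(self):
        """Return gaps as (start, end_exclusive) that the sender must resend."""
        gaps, cursor = [], self.next_expected
        order = sorted(self.buffered,
                       key=lambda s: (s - self.next_expected) % MOD)
        for seq in order:
            if seq != cursor:
                gaps.append((cursor, seq))
            cursor = (seq + self.buffered[seq]) % MOD
        return gaps
```

The `rejected` branch is the "little security" the post mentions: a segment whose sequence number falls outside the expected window does not fit the connection, so it is not accepted as a continuation of it.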
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    What I did not see in the description of UDP is the fact that an Identification number within the UDP packet can be stored, then the reply UDP packet should also contain the same Identification (a number between 0-65535). This is helpful to determine if a reply to a DNS lookup is genuine.
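
Added example (not part of the original thread, and not the rule set of any firewall named in it): a Python sketch of the check described in the post above, where the 16-bit identification of an outbound DNS query is stored and an inbound reply is accepted only if it carries the same value from the same server and port. The `DnsStateTable` class, the `TIMEOUT` value, the addresses and the `make_msg` helper that builds constructed sample messages are all assumptions for illustration.

```python
import struct

TIMEOUT = 5.0  # seconds a query stays pending (assumed value)


def make_msg(txid, response):
    """Build a constructed 12-byte DNS header for the sample traffic."""
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, int(response), 0, 0)


def dns_header(payload):
    """Return (identification, is_response) from a raw DNS message."""
    if len(payload) < 12:               # a DNS header is 12 bytes
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)   # QR bit set means response


class DnsStateTable:
    def __init__(self):
        # (client, client_port, server, server_port, id) -> time sent
        self.pending = {}

    def outbound(self, client, cport, server, sport, payload, now):
        """Record the identification of a query leaving the host."""
        txid, is_response = dns_header(payload)
        if not is_response:
            self.pending[(client, cport, server, sport, txid)] = now

    def inbound(self, server, sport, client, cport, payload, now):
        """Return 'accept' or the reason the reply is dropped."""
        try:
            txid, is_response = dns_header(payload)
        except ValueError:
            return "drop: malformed"
        if not is_response:
            return "drop: not a response"
        # pop() consumes the entry, so each query admits one reply only.
        sent = self.pending.pop((client, cport, server, sport, txid), None)
        if sent is None:
            return "drop: no matching query"
        if now - sent > TIMEOUT:
            return "drop: expired"
        return "accept"
```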
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Stem is right.

    I've been using DNS Identification since before Look 'n' Stop went public with v2.06p2 (12-14-2007) - Addition of new SPF (Stateful Packet Filtering) rules. These rules verify packet exchanges for simple connectionless protocols (UDP, DHCP, ICMP-Echo,…). These rules are created with the raw rule edition plugin, but can be imported and used without the plugin.


    And not a problem yet. :p


    ...

    Regards,
    Phant0m
     
  10. wat0114

    wat0114 Guest

    @Stem and @Phant0m,

    thank you for the clarification. It's good to know there is at least some form of checking the UDP protocol :thumb:
     