built-in SPI firewall question.

Hi all,

is the stateful packet inspection (SPI) firewall built in some routers effective? so, if it's enabled in the router settings, can i not use the software firewalls like ZA or Sygate, etc...?

thanks

 

Well, yes and no.

Yes, it is effective, but it may not be the protection you want. SPI works like this...your computer program sends out a "request" for data across the internet to another computer....on the way through the router, your router checks the packet to see where it is going stores the info temporarily until the other computer responds. When the other computer responds and sends the info back the router looks at it to make certain the information coming in was requested and that it is coming from where it is supposed to. If so, it lets it in, if not, it blocks it.

Let's say you have a trojan on your computer you got by some other source and it is programmed to call out to server at 3 am. It sends a packet to the trojan writer and the trojan writer responds. In this case, the firewall is still passing it out and allowing something back in.

SPI is basic firewalling without rules and is best used to block port scanning, but doesn't help much when dealing with unknown trojans phoning home. Now, a ZA or Sygate might jump up and say "Hey dude, such and such program is trying to call out--is that ok?" (of course some programs will masquerade as an allowed program like IE, but that is another topic).

So, SPI is good for blocking incoming attacks, it adds a tiny bit of overhead to your connection, but it is generally useful. Note: It can block you from legitimate uses such as legal bit torrents and remote connections...in fact, bit torrents can cripple you connection with SPI enabled