"Do Packet Checksum Verification" - Should I Use It?

[Guest]

[Chuck]

I have a home-based, stand alone, direct connection to internet via modem on a WinXPSP-2 PC, using latest CPF (along with NOD32, TrojanHunter and HOSTS file for realtime protection).  Just to see what would happen, I enabled "Do Packet Checksum Verification."  My computer continues to run fine and I noticed that now I sometimes get dozens of high severity events logged during a session, not always, but sometimes.  I find this intriguing and would like someone in the know to explain the significance of the access denials based upon checksum verification and if there is a reason why I shouldn't use it.  Just curious.  Thanks!

[egemen]

I have a home-based, stand alone, direct connection to internet via modem on a WinXPSP-2 PC, using latest CPF (along with NOD32, TrojanHunter and HOSTS file for realtime protection).  Just to see what would happen, I enabled "Do Packet Checksum Verification."  My computer continues to run fine and I noticed that now I sometimes get dozens of high severity events logged during a session, not always, but sometimes.  I find this intriguing and would like someone in the know to explain the significance of the access denials based upon checksum verification and if there is a reason why I shouldn't use it.  Just curious.  Thanks!

Some ethernet adapters calculates checksums in hardware for optimization. When this is a case, outgoing packets may be blocked because the checksum is not calculated yet. But if it is an incoming packet, then chsum verification is doing good.

A personal computer usually does not need such a verification as this verification is a defense against some DDOS attacks against server computers.

Hope this helps,
Egemen

[Nikos]

May i pop in plz and ask what exactly Packet CheckSum is and why it need verification?
Thank you.

[svein]

Ok, to simplify things:

A checksum is a mathematical way of controlling that the network packet is intact, and unmodified.

All (non-idiotic) network protocols include checksumming on layers 2 and 3. Most modern network adapters that do layer-3 decoding in the NIC, does the checksumming there, no need to worry.

The two reasons for enabling checksumming, would be:

a) to root out connectivity problems, i.e. packets that are damaged during transit from one host to another. The packet would simply be dropped (and thus seen as packetloss, and be retransmitted)
b) To be somewhat resistent to certain monkey-in-the-middle attacks, where a hostile machine between you and the remote host modifies data in the packet during transit, and thus inject "hostile" data.

If you are using a decent NIC, and are using good software, this shouldn't really be necessary to enable.

//Svein

[panic]

Ok, to simplify things:

A checksum is a mathematical way of controlling that the network packet is intact, and unmodified.

All (non-idiotic) network protocols include checksumming on layers 2 and 3. Most modern network adapters that do layer-3 decoding in the NIC, does the checksumming there, no need to worry.

The two reasons for enabling checksumming, would be:

a) to root out connectivity problems, i.e. packets that are damaged during transit from one host to another. The packet would simply be dropped (and thus seen as packetloss, and be retransmitted)
b) To be somewhat resistent to certain monkey-in-the-middle attacks, where a hostile machine between you and the remote host modifies data in the packet during transit, and thus inject "hostile" data.

If you are using a decent NIC, and are using good software, this shouldn't really be necessary to enable.

//Svein

Hey Svein,

EXCELLENT answer mate. Very clear, very concise and very comprehensible. Well done.

Ewen :-)

[Chuck]

Thank you all for your responses.

[Paulo]

(Added to FAQ.)

[Tags:]