bypassing the IP stack [closed]

A curiosity question, regarding

Security → Advanced / Advanced Attack Detection → Configure / Miscellaneous, the checkbox for ‘Monitor Other NDIS protocols’

On my machine, this checkbox is not marked. I presume this to mean that if I was running IPX or some such that had its own stack drivers, CFP will not monitor that traffic.

So, my question, does CFP alert to the existence of such a separate driver?

The thought being, that if I wanted to bypass a firewall, would be to register or otherwise install my own stack driver and push traffic in raw form. I could claim it to be IPX or Netbeui or some private experimental whatever, and have it push classic IPv4 packets around any installed firewall.

For 2.4, I think the answer is no; it will not alert to the existence of such a separate driver. This seems related to the discussion in this thread (between Stem and Egemen primarily):
https://forums.comodo.com/leak_testingattacksvulnerability_research/warning_this_firewall_does_not_protect_anyone_it_is_easy_to_bypass-t12265.0.html

Sorry, you’ll have to read thru several pages that you may not find relevant. Based on Egemen’s posts, v3 will have a better grip on it than 2.4.

Hope that helps,

LM

Hi,

Does it cover NDIS? MAC level?

mike

LM, thank you… Very interesting thread to read. It did answer my curiosity question.

Great, I’m glad it helped, grue155!

Mike, see if the thread I linked helps answer your questions. There is some advanced discussion there about that sort of thing; you may also find some helpful info in there. Don’t know if it’ll answer your question or not, but it might be worth the time. I know you have some other threads where you are exploring your questions about MAC address and IP Spoofing; we’ll let those continue where they are…

Folks, since the question has been answered, I will close this thread. grue155; should you find you need it reopened, just PM a Moderator (please include a link back here) and we’ll be glad to do so.

LM