Hi, everbody.
Everyone is invited in this thread.
The reason why I opened this thread is because I have questions regarding specifically Comodo Firewall and its history.
1.I remember Matousec said something about CFP 2.3.6.81. had weak inbound protection and that was full of security holes-can anyone please explain on what did he mean by that?
I was using that version and really nothing bad happened to my computer.
Maybe CFP 2.3.6.81. with all vulnerabilities didn’t have protection against ARP spoofing?
2.What about CFP 2.4.18.184-is this version vulnerable to ARP spoofing?
3.Inbound protection against bad and malformed connections(I don’t mean on preventing malware’s installation, just pure firewall function-inbound protection against unwanted connections):
This question might be a bit controversial:
What do you think, is better:
Stateful Packet Inspection (SPI) or Checksum verification, NDIS for protocol analysis that CFP uses?
The rason why I ask this is the following:
Some firewall moderators are insisting on SPI-but I don’t understand why.
Their arguments are following:
Checksum verification only checks if an connection is corrupted or not, while SPI checks if an connection good or bad-which is supposedly better and safer than what Checksum verificaqtion does.
Melih and Egemen said that they need a practical proof that their firewall’s inbound protection is weak, and I respect that-so far none has ever proved in practice, after all they would respond instantly.
But here is ANOTHER QUESTION:
Could anyone please explain me what is the main difference between packet Checksum verification (or + protocol analysis, because I use all of it when I use CFP) and SPI (SPI=Stateful Packet Inspection)?
I tried to find this answer everywhere on the internet but there is no website that explains what’s the difference between SPI and packet checksum verification?
Is there any reason why I should worried about?
Big thanks to everyone.
Please, let me know if I’m too intrusive with my questions.
Thanks to all.