Dcopymope

Prominent
BANNED
Aug 13, 2018
471
27
695
Can the firewalls on the modems provided to us by the various service providers perform deep packet inspection or can it only do stateful packet inspections? :unsure:
 

Dcopymope

> They most surely will not do deep packet inspection.
>
> However, they are usually quite good at blocking external traffic, even when you have port forwarding and whatnot enabled.

Well, still though, I was hoping they would be a little more concerned about their customers' security. How is the firewall supposed to recognize if SSH traffic that's supposed to be on port 22 instead operates over HTTP ports? Is it good enough to block that kind of traffic? If it's not and I become a target from a skilled hacker, I'm basically screwed.
 

kanewolf

Titan
Moderator
> Well, still though, I was hoping they would be a little more concerned about their customers' security. How is the firewall supposed to recognize if SSH traffic that's supposed to be on port 22 instead operates over HTTP ports? Is it good enough to block that kind of traffic? If it's not and I become a target from a skilled hacker, I'm basically screwed.

If you are doing things that would draw the attention (or ire) of a skilled attacker, then you should have already deployed (or built) a more powerful firewall.

Why would you have ANY ports open that would allow unsolicited traffic into your network?
 

Dcopymope

> If you are doing things that would draw the attention (or ire) of a skilled attacker, then you should have already deployed (or built) a more powerful firewall.
>
> Why would you have ANY ports open that would allow unsolicited traffic into your network?

Well, I don't really, I think, but there are thousands of ports that a hacker can use from my understanding. I just assumed that the modem firewalls would already perform deep packet inspections since it's the new end thing.
 
> Well, still though, I was hoping they would be a little more concerned about their customers' security. How is the firewall supposed to recognize if SSH traffic that's supposed to be on port 22 instead operates over HTTP ports? Is it good enough to block that kind of traffic? If it's not and I become a target from a skilled hacker, I'm basically screwed.

Even enterprise routers won't catch that type of traffic without some sort of real-time threat management (read: costs a lot). What you're talking about is usually a couple of hundred dollars a year in the enterprise world, and that's after buying a router that's over a grand.
 
> Well, I don't really, I think, but there are thousands of ports that a hacker can use from my understanding. I just assumed that the modem firewalls would already perform deep packet inspections since it's the new end thing.

And NAT is what keeps those thousands of ports closed. In fact, even port 80 is closed unless it is used by your router for some sort of remote access.

I think keeping ports closed is a much simpler way for you to avoid any issues. Enterprises use deep packet inspection for both incoming and outgoing traffic as they will have a lot of systems on their LAN. This is quite the overkill for a residence that can just unplug the Internet if there is a problem.
 
Pretty much any form of "deep packet inspection" is dead; it is not new. Thanks to Mr. Snowden, all traffic is now encrypted via HTTPS because of government packet inspection. There is nothing left to look at; all you can see are the IP addresses and maybe some information that can be guessed based on the length of the packets.

DNS is still open unless you use certain browsers, but Microsoft has said they are going to support encrypted DNS in Windows in an upcoming patch.

Even the IP addresses mean little anymore with all the virtual hosting. Sites like this site all come back to hosting services like Akamai.

As a home user you should not have any incoming traffic coming to your router, and even the cheapest router blocks unknown traffic with simple NAT. If you need to "inspect" your outgoing traffic, you have a much larger issue when you have machines you cannot trust on your internal network.
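
On the question raised in the thread of how a firewall could recognize SSH running on an HTTP port, here is an added example that is not part of any post above: it identifies a flow by its first payload bytes instead of its port number and reports where the two disagree. The sample flows, the `EXPECTED` port table and the function names are constructed for illustration.

```python
import re

# Constructed sample data: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_8.9\r\n"),  # SSH on an HTTP port
    (443, bytes.fromhex("16030100c8010000c40303") + b"\x00" * 32),
]

# What a port-only (stateful) rule assumes is running on each port.
EXPECTED = {22: "ssh", 80: "http", 443: "tls"}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)


def identify(payload: bytes) -> str:
    """Classify a flow from its first payload bytes, ignoring the port."""
    # RFC 4253: an SSH peer opens with "SSH-protoversion-softwareversion".
    if payload.startswith(b"SSH-"):
        return "ssh"
    if HTTP_REQUEST.match(payload):
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[5] == 0x01:
        return "tls"
    return "unknown"


def port_mismatches(flows):
    """Return (port, expected, seen) for flows whose payload contradicts the port."""
    findings = []
    for port, payload in flows:
        seen = identify(payload)
        # Ports without an expectation are not flagged.
        if EXPECTED.get(port, seen) != seen:
            findings.append((port, EXPECTED[port], seen))
    return findings


if __name__ == "__main__":
    for port, expected, seen in port_mismatches(SAMPLE_FLOWS):
        print(f"port {port}: expected {expected}, payload looks like {seen}")
```

An SSH session wrapped in TLS on port 443 would classify as `tls` here, since only the outer record header is visible to this check.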