Strict UDP session contol in 2700 HGV firewall

Started by Gary, Jan 06, 2008, 18:28:35

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Gary

This setting on the 2700 HGV is said to give higher protection but could stop some online applications working, having scoured google for hours I am none the wiser if it should be on or off :-\ does anyone with a 2700 here use it? This is what I found online:

Enabling this feature provides increased security by preventing the 2Wire gateway from accepting packets
sent from an unknown source over an existing connection.
Strict UDP instructs the 2Wire gateway to be more restrictive about what packets are allowed to transmit
over an established connection from a local network computer to the Internet. In addition to relying on
information about the destination (3-tuple), the 2Wire gateway will also use information about the source of
the connection (5-tuple).
To enable strict UDP session control:


The ability to send traffic based on destination only is required by some applications.
Enabling this feature may not allow some on-line applications to work properly.
Damned, if you do damned if you don't

Adam

I suspect most routers come with that "off" as default, or simply don't include the option. I see no real reason to enable it for an average home user, unless you are very security concious. Though legitimate traffic should be fine with it turned on, not all applications follow standards therefore it may cause a few to not work correctly.
Adam

Gary

#2
Thanks for the quick reply and help Adam  ;D I'll leave it disabled I think, extra security is always a good thing, I understand some illicit packets can piggyback on legitimate ones hence the setting, I was just a bit lost when it said a) tuple 3 and 5 (no idea) and what applications it could break and would I even notice them more to the point, e.g windows services etc.
Damned, if you do damned if you don't

Adam

No problem, glad to help. :) I believe the 3-tuple and 5-tuple refers to the information contained in the packet headers. I doubt you'd notice it unless you ran some UDP based application/protocol which didn't conform to standards. As far as I'm aware most critical services use TCP, though VoIP does use UDP.
Adam

Gary

#4
I think when you use webcams with instant messengers this may have caused an issue with that setting on possibly Adam thinking about it, its frustrating when you cannot glean enough information online sometimes and the subject matter is a little over your head as well ::) once again thanks for a concise answer
Damned, if you do damned if you don't

Inactive

Quote from: Killhippie on Jan 06, 2008, 18:59:25
the subject matter is a little over your head as well ::)

You should worry Gary, almost all of it is " over my head "..  ;D
Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.