Stingray home firewall

| Comments (6) | TrackBacks (14) |
Stingray's home firewall product is getting a fair bit of press. Among the claims made for it are:
  1. No configuration
  2. No maintenance
  3. No patches and upgrades required
  4. Complete protection from Viruses and all Hacking attempts
  5. Stingray's line speed is 10mbps, the chances of DOS in a 10mbps Ethernet environment is virtually nil.

Claims (1) and (2) seem straightforward enough. Most consumer grade NATs can do this kind of firewalling. However, consider claims (3) and (4). With currently available technology protection against viruses takes two major forms: firewalling off potentially sensitive ports and screening for bad traffic. The firewalling step is relatively straightforward, but the screening stage relies on a database of signatures of known viruses. When the screening software detects those signatures it blocks the traffic that is carrying them. That's why your antivirus software needs to phone home periodically for updates. Unless Stingray has made a major breakthrough--and their website shows no sign of any such breakthrough or of having the high powered security staff you would expect to need to make such a breakthrough--it seems likely that either Stingray's antivirus phones home for upgrades or that it doesn't work. Now, there's nothing necessarily wrong with phoning home, but if that's what you do it's pretty disingenous to claim that you don't need upgrading. The technical term here is "automatic updates."

If claims (3) and (4) were disingenuous, claim (5) is downright strange. The Stringray interface is 10mbps so that makes it hard to DoS? Huh? I can't tell if the claim here is that DoS is difficult because the interface is too fast or too slow. In any case, it doesn't make much sense. There are two basic kinds of DoS: system resource consumption and bandwidth consumption. System resource consumption attacks are generally low bandwidth attacks that don't really depend on the size of the link. Bandwidth consumption attacks are of course easier to mount over low bandwidth links (and 10 mbps is very slow by modern networking standards), but the relevant speed here isn't the speed of the firewall's interface but of the broadband link they're connected to, which is generally in the range of 1-5 mbps for home or small business applications.

The strangest claim, though, doesn't seem to appear on their web site but on some of news coverage. Here's Gizmodo:

There are so many different firewalls out available to the public and they all share a similar idea of protection code and algorithms. What makes the Stingray Firewall different is that it randomly creates the random protection code algorithms on the fly. So random algorithms of protection = no hackz0rs stealing my garbage files.

I'm assuming that the Gizmodo guys didn't just make this up (it also appears in some other coverage), but it correspond to any security technology I'm familiar with--at least not one that works--any EG readers want to take a shot at translating this?

14 TrackBacks

Listed below are links to blogs that reference this entry: Stingray home firewall.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/376

alprazolam online from alprazolam online on September 9, 2005 11:33 PM

alprazolam online Read More

alaska airlines from alaska airlines on October 7, 2005 10:24 PM

alaska airlines Read More

100% free sex trailers Raped girls free gallery pictures Russian mom son videos Sexy moms having sex videos Read More

testcomment974 Read More

veryniceblog . Read More

discussion.Braille bales Opel:order xanax http://www.realestatenow.net/order-xanax.html Read More

insight Stendler?grownup testing manic online prescription drugs http://online-prescription-drugs.pharmacy-here.com/ Read More

Clip cartoon sex free from Dad teaches daughter xxx on December 25, 2005 10:05 AM

Europe rape videos Young teenage sex clips Muslim girls nude sex pic Free teen art movie Read More

alaska airlines from alaska airlines on January 11, 2006 12:13 AM

alaska airlines Read More

Free Ringtones from Free Ringtones on January 19, 2006 9:09 PM

Free Ringtones Read More

jetblue flights from jetblue flights on January 30, 2006 10:38 PM

jetblue flights Read More

kelly blue book Read More

6 Comments

My guess on (3) is that they mean no patches _to your computer_ and no firmware updates _from your computer_. I imagine from the perspective of the typical user, this is reasonably close to what he would interpret the claim to mean.

Obviously, from a technically savvy person's perspective, phoning home is a bit of a cheat with regard to the claim. But if it will phone home for all updates, unlike many products that require firmware updates from a computer, that's a minor advance.

I have no idea about the rest of the stuff. "Random protection code algorithms"? I guess this is a form of, "He's so crazy, we don't know what he'll do next."

Eric, repeat after me: NAT is not a security feature. Zero configuration means that the box has a protocol helper for active-mode FTP (otherwise you'd have to reconfigure IE because since version 6, active mode is the default). Attacks like this one will allow you to remotely access services on machines behind such a NAT device: http://www.enyo.de/fw/security/java-firewall/

It's an old trick (as a later found out), but it still works pretty well, even against some host-based packet filters.

I don't agree that this demonstrates that NAT isn't a security feature. Just because there are some attacks that can bypass your NAT doesn't mean that the NAT doesn't provide some security. There are many attacks which *are* stopped by NAT. And since in most cases you're not being directly attacked but rather getting the Internet security equivalent of background radiation, that's a worthwhile thing.

Here's what it says on the ThinkGeek page pointed to by Gizmodo: "Unlike conventional firewalling solutions which are bound by a static rule set (a static set of instructions to process information), Stingray's Intelligent Firewall automatically creates its rule sets on the fly, making it impossible for hackers to determine out the algorithm or function during communication."

That's not completely clear either but it seems slightly more comprehensible than the Gizmodo gibberish. Maybe this is some kind of adaptive algorithm that would look at your usual traffic and try to detect variations from the norm?

Stingray's CEO was the COO for Saafnet (now named AlphaShield at www.alphashield.com). They used to have a million dollar "hack this" prize on their appliance that appears to have very similar features to the Stingray. From what I can tell it is a "gap" technology firewall that uses "artificial intelligence" to make its allow/deny decisions.

I tend to agree with Kevin, let's not present NAT as a security feature, this was NOT the purpose when it was first created and is not its purpose now. From some of the materials that I have read, Stingray provides two forms of product, one Adaptive Hardware Firewall and a av software that you install into your computer. Hence, when they claim no configuration, patches or updates, they are talking about the Hardware. Next, line speed is the processing speed of the hardware. As most hardware, from my experience, provides a line speed of 3 - 5 Mbps and subject to 'bottlenecks,' having a device that meets your broadband line speed is really interesting. This does not seem to be GAP which, for what I can acsertain, is just a 'Disconnect' feature but an adaptive algorithm that seems to facilitate user's requests on-the-fly w/o the need for a static firewall rule set. If this is the case...it definately is something that is new.

Leave a comment