IP Filter

What is it ?

IPFilter is a software package that can be used to provide network address translation (NAT) or firewall services. To use, it can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required.

To see an overview of how IP Filter fits into the overall picture of TCP/IP with your kernel and the order in which the various phases of packet processing is done, click here.

The firewall can:

• explicitly deny/permit any packet from passing through
• distinguish between various interfaces

and can match on the follow IP header fields:

• source/destination IP address (including inverted matches)
• IP protocol
• TOS (Type of Service)
• any of the 19 IP options or 8 registered IP security classes
• fragments (if it is or isn't)

In addition, IPFilter can

• send back an ICMP error/TCP reset for denied packets
• keep packet state information for TCP, UDP and ICMP packet flows.
• keep fragment state information for any IP packet, applying the same rule to all fragments.
• act as a Network Address Translator (NAT)
• use redirection to setup true transparent proxy connections.
• provide packet header details to a user program for authentication
• in addition, supports temporary storage of pre-authenticated rules for passing packets through

Special provision is made for the three most common Internet protocols, TCP, UDP and ICMP. IP Filter rules allow for packets to be matched based on:

• TCP/UDP packets by port number or a port number range
• ICMP packets by type/code
• "established" TCP packets
• on any arbitrary combination of TCP flags
• "short" (fragmented) IP packets with incomplete headers

To keep track of the performance of IP Filter, a logging device is used which supports logging of:

• the TCP/UDP/ICMP and IP packet headers
• the first 128 bytes of the packet (including headers)

when:

• a packet is successfully passed through
• a packet is blocked from passing through
• it matches a rule setup to look for suspicious packets

To examine a set of example rule files and an example of what can be done, click here.

IPFilter keeps its own set of statistics on:

• packets blocked
• packets (and bytes!) used for accounting
• packets passed
• packets logged
• attempts to log which failed (buffer full)

and much more, for packets going both in and out.

The current implementation provides a small set of tools, which can easily be used and integrated with regular unix shells and tools. Amongst these tools is a new addition, ipftest, which is provided so that you can test a rule set before committing it to use in your kernel. A brief description of the tools provided:

1. ipf - reads in a set of rules, from either stdin or a file, and adds them to the kernels current list (appending them). It can also be used to flush the current firewall rule set or delete individual firewall rules.
2. ipfstat - interrogates the kernel for statistics on packet processing, so far, and retrieves the list of firewall rules in operation for inbound and outbound packets.
3. ipftest - reads in a ipf rule file and then applies sample IP packets to the rule file. This allows for testing of firewall rule list and examination of how a packet is passed along through it.
4. ipmon - reads buffered data from the logging device (default is /dev/ipl) for output to either:

* screen (standard output)
* file
* syslog

5. ipsend - generates arbitary IP packets for ethernet connected machines.
6. ipresend - reads in a data file of saved IP packets (ie snoop/tcpdump/etherfind output) and sends it back across the network.
7. iptest - contains a set of test "programs" which send out a series of IP packets, aimed at testing the strength of the TCP/IP stack at which it is aimed at. WARNING: may crash machine(s) targeted!
8. ipnat - reads in a set of rules, from either stdin or a file and adds them to the kernels current list of active NAT rules. NAT rules can also be deleted using ipnat.

Documentation on ioctl's and the format of data saved to the logging character device is provided so that you may develop your own applications to work with or in place of any of the above.

To retrieve this package via anonymous ftp, use: ftp://coombs.anu.edu.au/pub/net/ip-filter/ip_fil4.1.28.tar.gz

The Best Bargain PCs

Buying a computer is always an exercise in compromise. When you're deciding whether a budget-priced PC will match your power and expandability needs, the answer depends on how many concessions you're willing to make.

To help with your decision, we put seven sub-$750 desktop PCs (each came with a monitor, a mouse, and a keyboard) and five sub-$1000 laptops--including those from the major brands--through their paces in the PC World Test Center. As always, we tested performance in productivity applications using our WorldBench 6 Beta 2 benchmark and evaluated the gaming capabilities--such as they were--of each system using Doom 3 and Far Cry test scripts at a variety of resolutions. We also compiled a reality check of key budget-PC trade-offs: See "What Does $1000 Really Buy?". Finally, look for our in-depth reviews for each model at the links on the next page, plus rankings, specifications, and test scores for all of the Top 5 desktops and laptops in this story.

Windows Shopping

All the desktops and laptops we tested shipped with Windows Vista--usually the 32-bit version of Vista Home Premium, which costs about $100 if you were to buy it separately. Sys Technology's $708 Sys SlimLine Si200 desktop and Toshiba's $699 Satellite Pro A210-EZ2201 laptop came with the less expensive (roughly $70) Vista Home Basic. Among other things, Basic lacks support for the Aero environment and its translucent effects. Two models--Acer's $748 Veriton VM460-UD2180C desktop and Fujitsu's $899 LifeBook S7211 laptop--had Vista Business, which retails for about $120; it lacks Vista Home's Parental Controls but adds office-centric extras such as full Remote Desktop support and Rights Management Services.

Despite boasting more expansion room than most value PCs have, the Acer Veriton wasn't as well equipped as competing desktops that cost less, so it missed our Top 5 chart. Also missing the cut was HP's $719 Pavilion Slimline s3300z. It sports the same ultracompact design as other models in HP's Slimline series and uses an energy-efficient 1.9-GHz AMD Athlon 64 X2 BE-2300 processor, but its unexceptional speed and limited expansion options were big drawbacks.

Rating Performance

Finally, you may notice that our charts provide context for a system's WorldBench 6 Beta 2 performance numbers by describing the result on a word scale: Superior, Very Good, Good, Fair, or Poor. Though a sub-$1000 desktop that scores 77 in WorldBench 6 may deserve its Superior performance rating when compared with similarly priced machines--which is what we've done in this roundup--it's important to remember that if it were compared against power desktops, where price is no objection and WorldBench 6 Beta 2 results over 120 are common, then that sub-$1000 PC's performance word score would drop to Poor. Performance results should always be kept in proper perspective.

Kaspersky Internet Security 6

Reviews By Neil J. Rubenking

Quick—think of three antivirus programs. Are they all from American companies? If so, you may want to broaden your horizons. This full-scale security suite from Moscow adds spyware protection, a spam filter, and a powerful firewall to the well-respected Kaspersky Anti-Virus (KAV)—a household name in Russia and Europe but less well known in the U.S.

Read the Kaspersky Internet Security 6 full review

Bottom Line

Kaspersky Internet Security 6 keeps viruses and spyware off your system with powerful real-time protection and scanning. Its firewall goes beyond the basics, protecting against malware-style leak-test techniques (but also warning against some innocuous programs). As with many security suites, its weakest element is spam protection.

Pros

Antivirus scans files on access and scans e-mail and Internet traffic. Skips unchanged files to speed scanning. Firewall's Proactive Defense blocks malware-style leak tests.

Cons

Proactive Defense reports many innocent events. Antispam accuracy is mediocre. No privacy protection or parental-control features. Conflicted with other programs on one test system.

Menanti Kelahiran USB 3.0

: Sediakan 10 kali ganda lebih kelajuan berbanding USB 2.0

Kata orang menanti kelahiran anak pertama sungguh mendebarkan. Mungkin itulah yang dirasai oleh pengikut dunia IT di luar sana. Berdebar-debar dan teruja menantikan kelahiran atau kemunculan bukan anak tetapi teknologi Universal Serial Bus (USB) 3.0 yang bakal memberi kelajuan dan kecekapan 10 kali ganda lebih tinggi berbanding USB 2.0.

Meskipun masih dalam peringkat prototaip, serba sedikit informasi mengenainya sudah pun di bawa keluar dan sedang hebat diperkatakan di forum mahu pun laman web IT. Ia untuk memastikan agar penggemar IT atau pengguna di luar sana mengetahui bahawa kita sedang menuju ke teknologi yang lebih canggih dan maju.

Jika kita sentuh sedikit mengenai sejarahnya, USB merupakan teknologi standard bas Serial untuk antaramuka peranti yang membenarkan perhubungan pada soket antaramuka tunggal. Ia turut dicipta untuk meningkatkan keupayaan Plug and Play dengan membenarkan peranti disambungkan (connect) dan merungkai sambungan (disconnect) tanpa perlu ‘reboot’ Hot Swapping pada komputer. Ia memberi cara mudah kerana pengguna tidak perlu lagi melalui beberapa protokol remeh untuk pemasangan dan perungkaian pada sistem komputer.

Satu lagi yang menjadi kelebihan teknologi USB ini ialah penggunaan kuasa rendah. Ia kerana sumber kuasa luaran dan pemacu peranti individu spesifik tidak diperlukan untuk menjalankan USB. Pengguna boleh terus menggunakan peranti yang disambung tanpa perlu ‘banyak soal’. Ia sesuai dengan konsep asal ciptaan USB iaitu untuk membantu perhubungan pelbagai peranti pada satu port mudah dan mengurangkan penggunaan wayar yang kadangkala berserabut dan boleh memeningkan kepala pengguna.

USB memungkinkan perhubungan peralatan komputer seperti tetikus, papan kekunci, PDA, pad permainan, joystik, pengimbas, pencetak dan banyak lagi. Kini, ia telah menjadi teknologi lazim dan ‘wajib ada’ pada setiap peralatan atau peranti IT termasuk peranti wayarles yang tidak memerlukan sambungan pada komputer seperti pencetak tanpa rangkaian atau pencetak multi-fungsi.

Selain itu, di awal kemuculan USB iaitu sekitar tahun 1995 hingga 1996, USB 1.0 yang ditawarkan kepada pengguna adalah pada kadar kelajuan hanya 1.5Mbit sesaat (kelajuan-rendah) dan 12Mbit sesaat untuk kelajuan tinggi. Kemudian muncul pula USB 2.0 pada April 2000 yang memperkenalkan kelajuan 480Mbit sesaat (kelajuan tinggi) untuk pemindahan data. Ia merupakan teknologi yang banyak kita gunakan masa kini.

Jika anda rasakan penyambungan USB 2.0 atau contoh mudah pemacu flash yang anda gunakan sekarang boleh memindahkan data dengan pantas pada kelajuan 480Mbit sesaat (mudah bukan). Bayangkan bagaimana agaknya keadaaan apabila teknologi USB 3.0 berupaya memindahkan data pada kelajuan bukan satu tetapi sepuluh kali ganda berbanding spesifikai USB yang anda gunakan sekarang. Tentu mengagumkan!

EarthLink Toolbar

Reviews By Konstantinos Karagiannis

With an "if you can't beat 'em, join 'em" philosophy, the EarthLink Toolbar features a Google query box. EarthLink has added a pop-up blocker, which nicely complements the one built into Windows XP SP2. The Googlesque features give EarthLink Toolbar a reason for existing. The built-in ScamBlocker tool is all gravy: A good enough way to prevent phishing, it doesn't cost a thing and (thankfully) doesn't add yet another toolbar to Internet Explorer.

Read the EarthLink Toolbar full review

Finjan SecureBrowsing

Reviews By Neil J. Rubenking

Finjan SecureBrowsing, a free add-in for Internet Explorer and Firefox, analyzes Web pages and helps you steer clear of dangerous ones. Like SiteAdvisor, TrendProtect, and LinkScanner Pro, it adds site-rating icons to your search results, but FSB's protection extends into other areas as well. Unfortunately, Finjan's add-in needs work.

Read the Finjan SecureBrowsing full review