Security Basics mailing list archives

Re: No NetBios share + No Open Port = Safe Win98?


From: "Mario A. Spinthiras" <mario () netway com cy>
Date: Tue, 03 Oct 2006 13:06:15 +0300

Davide Minini wrote:
  | A DDoS usually means that someone tries to consume the entire
  | bandwidth of your uplink. How could any kind of firewall mitigate that?


  It can, if the DDOS is a SYN flood attack on hosts behind;
  the firewall can at least protect the internal network and also
  reduce the DDOS average (think a WebStrike).


I doubt that will "save you". Incoming traffic is data hitting your destination. Therefore, even if your systems do not process it and you put a firewall in front of your network (firewalls - plural is a better idea than firewall :) ), the packets will still have to be processed at a lower level in order for them to be put against the security policies to know what to do with the traffic (drop, accept, etc.).

So one way or another, if a kiddie out there wants to put you down, all he needs is sufficiently more bandwidth than you and a thin protocol of some kind (UDP is a kiddie's choice due to low overhead and no ACK of any kind).

Even if the traffic is coming from one route only, that still does not imply that the situation is controllable, but usually kiddies perform such attacks in a distributed layout, meaning they hit you from many locations on the Internet, making things more difficult than most cases.


Do not think "webstrike", do not think "I have a firewall". YOU HAVE NOTHING AT ALL. ON THE INTERNET YOU ARE NOBODY. I've seen larger STM powered networks hang in minutes due to the ignorance of some administrators out there failing to secure their machines and kiddies exploiting them into malicious activity.


What you can do:

Make sure you have an optimized network in terms of clean traffic, no bottlenecks, no unnecessary overhead.

REDUNDANCY! RTFM for the ignorant.

SECURITY! Even if you are not ignorant and you have been a sysadm since pamper years, RTFM also.

Hopefully we "nobodies" can make things better for the people on the net that think they are SOMEBODY!!


Regards,
Mario A. Spinthiras

