Bugtraq mailing list archives
Re: Simple DOS attack on FW-1
From: lease () 31337 COM (Victoria E. Lease)
Date: Tue, 3 Aug 1999 08:51:30 -0500
[Lance Spitzner]
On Fri, 30 Jul 1999, Jeff Roberson wrote:Also, if they implemented a circular buffer where connections that had been idle the longest were disconnected in favor of new connections their scalability might increase some.Excellent recommendation, I'll pass it along to Check Point!
Neat idea. Am I the only person who sees the potential for even further abuse if this 'feature' is added? Wouldn't this allow DoS attackers to not only keep new connections from being established, but also to forcefully close already-established valid connections? Or am I missing something? I think it might work, though, if non-established, ie only two of three handshakes completed, connections were kept in a circular buffer. That way, the worst abuse that could happen would be for DoS'ers to incur a *chance* of established connections failing, and they wouldn't be able to affect already-established connections. They'd have to keep hammering at the unestablished-connection buffer, and very quickly, too, in order to keep valid connections from making it through. Perhaps this is what was intended by the suggestion in the first place?
Current thread:
- Re: Simple DOS attack on FW-1 James Burns (Jul 31)
- <Possible follow-ups>
- Re: Simple DOS attack on FW-1 Chris Brenton (Jul 31)
- Re: Simple DOS attack on FW-1 Lance Spitzner (Jul 31)
- Re: Simple DOS attack on FW-1 Lance Spitzner (Jul 31)
- Re: Simple DOS attack on FW-1 Victoria E. Lease (Aug 03)
- Re: Simple DOS attack on FW-1 Rogier Wolff (Aug 04)
- Re: Simple DOS attack on FW-1 David Maxwell (Aug 05)
- Re: Simple DOS attack on FW-1 Shin'ichi Asano (Aug 01)
- Re: Simple DOS attack on FW-1 Olaf Selke (Aug 01)
- Re: Simple DOS attack on FW-1 Anonymous (Aug 04)
- Re: Simple DOS attack on FW-1 Michael Wojcik (Aug 05)