Bugtraq mailing list archives
Re: Simple DOS attack on FW-1
From: david () FUNDY CA (David Maxwell)
Date: Thu, 5 Aug 1999 15:16:50 -0300
On Wed, Aug 04, 1999 at 11:56:24AM +0200, Rogier Wolff wrote:
> Lance Spitzner wrote:
> > Also, if they implemented a circular buffer where connections that had been idle the longest were disconnected in favor of new connections their scalability might increase some.
> >
> > Excellent recommendation, I'll pass it along to Check Point!
>
> That means I can still DOS a site: If I send 500 packets a second, I can wrap the connection table in 100 seconds. That means that the idle-timer is reduced from an hour to less than two minutes. The only solution is to only allow the longer timeout once BOTH sides have sent a packet.
I read the original sentence as "Circular buffer for half-open connections". I believe people are misreading the 'idle the longest' portion thinking it was meant to apply to fully open connections.

It's not perfect of course, if an abuser can spin the buffer in less than the round trip time for a valid user to open a connection, no new connections can ever be made. (But under that type of flood I can't think of a setup that will perform any better either, aside from detect the flood source, and discard from specific IPs. That can be defeated by using a range of addresses anyway.)

--
David Maxwell, david () vex net|david () maxwell net                  -->
(About an Amiga rendering landscapes)
It's not thinking, it's being artistic!
                                              - Jamie Woods
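Added example (not part of this post or of the Bugtraq thread, and not Check Point's code): a small Python model of the connection table the thread is arguing about. It implements both readings of the "circular buffer" proposal: a plain buffer that recycles the least recently active entry regardless of state, and the variant David describes, where only half-open entries are recycled and an entry earns the long idle timer once both sides have sent a packet. It then replays Rogier's numbers (500 half-open attempts a second for 100 seconds) to show the established connection survives only under the second policy, and replays David's caveat by driving the half-open part of the table around faster than one round trip. The table capacity (1000), the two-minute half-open timeout and the addresses (RFC 5737 documentation ranges) are constructed for the model; the one-hour idle timer is the figure quoted in the thread.

```python
from collections import OrderedDict
from dataclasses import dataclass

# The one-hour idle timer is the figure quoted in the thread; the two-minute
# half-open timeout is a constructed assumption for this model.
ESTABLISHED_TIMEOUT = 3600.0
HALF_OPEN_TIMEOUT = 120.0


@dataclass
class Entry:
    last_seen: float
    established: bool  # True once packets from both sides have been seen


class ConnTable:
    """Fixed-size connection table, ordered least recently active first.

    protect_established=False: plain circular buffer, the least recently
    active entry is recycled whatever its state (the behaviour Rogier warns
    lets a flood shorten everyone's idle timer).
    protect_established=True: only half-open entries are recycled; an entry
    keeps the long timeout once both sides have sent a packet (David's
    reading of the proposal plus Rogier's "BOTH sides" condition).
    """

    def __init__(self, capacity, protect_established):
        self.capacity = capacity
        self.protect_established = protect_established
        self.entries = OrderedDict()  # key -> Entry, least recently seen first
        self.evicted = {"half_open": 0, "established": 0}

    def _expire(self, now):
        # Entries are ordered by last_seen, so once we reach one younger than
        # the shorter timeout nothing behind it can have expired either.
        expired = []
        for key, e in self.entries.items():
            idle = now - e.last_seen
            if idle <= HALF_OPEN_TIMEOUT:
                break
            if not e.established or idle > ESTABLISHED_TIMEOUT:
                expired.append(key)
        for key in expired:
            del self.entries[key]

    def _make_room(self, now):
        self._expire(now)
        if len(self.entries) < self.capacity:
            return True
        victim = next((k for k, e in self.entries.items()
                       if not (e.established and self.protect_established)), None)
        if victim is None:
            return False  # every slot holds a protected established connection
        state = "established" if self.entries[victim].established else "half_open"
        self.evicted[state] += 1
        del self.entries[victim]
        return True

    def packet(self, key, now, from_responder=False):
        """Record one packet; returns False if the firewall had to drop it."""
        e = self.entries.get(key)
        if e is None:
            if from_responder:
                return False  # reply to a connection we no longer track
            if not self._make_room(now):
                return False
            self.entries[key] = Entry(now, False)
            return True
        e.last_seen = now
        e.established = e.established or from_responder
        self.entries.move_to_end(key)
        return True


def _flood_key(i):
    # Constructed source from the 203.0.113.0/24 documentation range; the
    # (address, port) pair is unique per attempt.
    return ("203.0.113.%d" % (i % 254 + 1), 1024 + i // 254, "192.0.2.10", 443)


def flood_scenario(protect_established, capacity=1000, rate=500, seconds=100):
    """Rogier's flood against a table holding one established connection.
    Returns (established connection still tracked?, eviction counters)."""
    table = ConnTable(capacity, protect_established)
    legit = ("198.51.100.7", 51000, "192.0.2.10", 443)
    table.packet(legit, 0.0)
    table.packet(legit, 0.1, from_responder=True)
    for i in range(rate * seconds):
        table.packet(_flood_key(i), 1.0 + i / rate)
    return legit in table.entries, table.evicted


def wrap_scenario(rate, capacity=1000, rtt=0.5):
    """David's caveat: the client's first packet arrives at t=1 and the
    responder's one RTT later, while half-open attempts arrive at `rate`
    per second. Returns True if the legitimate handshake completes."""
    table = ConnTable(capacity, protect_established=True)
    legit = ("198.51.100.7", 51000, "192.0.2.10", 443)
    table.packet(legit, 1.0)
    for i in range(int(rate * rtt)):
        table.packet(_flood_key(i), 1.0 + (i + 1) / rate)
    return table.packet(legit, 1.0 + rtt, from_responder=True)


if __name__ == "__main__":
    for protect in (False, True):
        alive, counts = flood_scenario(protect)
        print("protect_established=%s: survived=%s evicted=%s" % (protect, alive, counts))
    print("buffer wraps slower than RTT (500/s):", wrap_scenario(500))
    print("buffer wraps faster than RTT (4000/s):", wrap_scenario(4000))
```

With a plain circular buffer the established connection is the least recently active entry the moment the table fills, so the flood evicts it first; with half-open-only recycling it is never a candidate and the flood only churns the half-open slots. The second scenario shows the limit David points out: at 4000 attempts a second the 1000 half-open slots turn over in 0.25 s, shorter than the 0.5 s round trip, so a legitimate client's entry is gone before the responder's packet arrives and the reply has to be dropped.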