IDS mailing list archives
Re: SQL effect on stateful IDS and firewalls
From: Gianni Tedesco <gianni () ecsc co uk>
Date: 29 Jan 2003 17:33:03 +0000
On Tue, 2003-01-28 at 23:31, Todd Heberlein wrote:
I have seen one report (by Tom Kyle on BugTraq) about the SQL worm swamping the memory of a stateful firewall or IDS system. Does anyone have pointers on reports as to how well the different stateful systems did under the attack?
AFAIK most IDSs don't do state tracking for UDP. Firewalls tend to implement UDP stateful hacks just to make DNS work, i.e.: if a UDP packet is allowed, allow reply UDP traffic for 30 seconds afterwards. This model works for most but not all UDP applications.

--
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
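Added example, not part of the original message and not any product's code: a minimal model of the 30-second UDP reply window described above, showing how a host sending to many distinct destinations fills the state table. The class and function names, the `max_entries` cap and the traffic (addresses, ports, rates) are constructed assumptions.

```python
from collections import OrderedDict

UDP_TIMEOUT_MS = 30_000  # the 30-second reply window from the post


class UdpPseudoState:
    """After an allowed outbound UDP packet, permit the reverse flow for 30 s."""

    def __init__(self, max_entries=None):
        self.max_entries = max_entries  # assumed mitigation; None = unbounded
        self.table = OrderedDict()      # flow 4-tuple -> expiry (ms), oldest first
        self.dropped = 0                # new flows refused because the table was full

    def _expire(self, now):
        while self.table:
            key, expiry = next(iter(self.table.items()))
            if expiry > now:
                break
            del self.table[key]

    def outbound(self, now, src, sport, dst, dport):
        self._expire(now)
        key = (src, sport, dst, dport)
        full = self.max_entries is not None and len(self.table) >= self.max_entries
        if key not in self.table and full:
            self.dropped += 1           # fail closed rather than grow without bound
            return False
        self.table[key] = now + UDP_TIMEOUT_MS
        self.table.move_to_end(key)     # refreshed flows become the newest entry
        return True

    def inbound_allowed(self, now, src, sport, dst, dport):
        self._expire(now)
        return (dst, dport, src, sport) in self.table  # reply = reversed tuple


def simulate(rate_pps, seconds, max_entries=None):
    """Constructed traffic: one inside host, one packet per distinct destination."""
    fw = UdpPseudoState(max_entries)
    peak = 0
    for i in range(rate_pps * seconds):
        now = i * 1000 // rate_pps
        fw.outbound(now, "10.0.0.5", 4000, i, 1434)  # i stands in for a dst address
        peak = max(peak, len(fw.table))
    return peak, fw.dropped


if __name__ == "__main__":
    print(simulate(1000, 60))        # unbounded table
    print(simulate(1000, 60, 4096))  # capped table
```

Without a cap the table peaks at rate × 30 s entries; with a cap memory stays bounded, but new flows, legitimate ones included, are refused until old entries time out.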