IDS mailing list archives

Re: SQL effect on stateful IDS and firewalls


From: Gianni Tedesco <gianni () ecsc co uk>
Date: 29 Jan 2003 17:33:03 +0000

On Tue, 2003-01-28 at 23:31, Todd Heberlein wrote:
> I have seen one report (by Tom Kyle on BugTraq) about the SQL worm
> swamping the memory of a stateful firewall or IDS system.
>
> Does anyone have pointers on reports as to how well the different
> stateful systems did under the attack?

AFAIK most IDSs don't do state tracking for UDP. Firewalls tend to
implement UDP stateful hacks just to make DNS work, i.e. if a UDP packet
is allowed, allow reply UDP traffic for 30 seconds afterwards. This
model works for most but not all UDP applications.

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

Attachment: signature.asc
Description: This is a digitally signed message part
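
The 30-second UDP reply window described in the message above, modelled as an added sketch (not part of the original post and not any product's code) to show why one host sending to many distinct addresses fills such a table, and what a size cap changes. The class name, the `max_entries` cap with its refuse-when-full policy, and all addresses and ports are assumptions constructed for illustration.

```python
class UdpPseudoState:
    """Toy model: an allowed outbound datagram opens a reply window."""

    def __init__(self, timeout_ms=30_000, max_entries=None):
        self.timeout_ms = timeout_ms
        self.max_entries = max_entries   # None = unbounded table (assumed knob)
        self.table = {}                  # flow 4-tuple -> expiry (ms), oldest first
        self.peak = 0
        self.refused = 0

    def _expire(self, now_ms):
        # Entries are kept in expiry order, so only the front needs checking.
        while self.table:
            oldest = next(iter(self.table))
            if self.table[oldest] > now_ms:
                break
            del self.table[oldest]

    def outbound(self, now_ms, src, sport, dst, dport):
        """Track an allowed outbound datagram; False if the table is full."""
        self._expire(now_ms)
        key = (src, sport, dst, dport)
        full = self.max_entries is not None and len(self.table) >= self.max_entries
        if key not in self.table and full:
            self.refused += 1
            return False
        self.table.pop(key, None)        # re-insert so order stays by expiry
        self.table[key] = now_ms + self.timeout_ms
        self.peak = max(self.peak, len(self.table))
        return True

    def reply_allowed(self, now_ms, src, sport, dst, dport):
        """An inbound datagram passes only as the mirror of a live entry."""
        expiry = self.table.get((dst, dport, src, sport))
        return expiry is not None and expiry > now_ms


def simulate(fw, pps, seconds):
    """Constructed load: one inside host sends each datagram to a new address."""
    for i in range(pps * seconds):
        dst = (i * 2654435761) % 2**32   # distinct pseudo-random 32-bit address
        fw.outbound(i * 1000 // pps, "10.0.0.5", 40000, dst, 9999)
    return fw.peak
```

With no cap the table settles at roughly packets-per-second times the timeout, so memory use scales directly with the sender's rate; with a cap the table stays bounded, at the cost of refusing new flows until old entries expire.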

