IDS mailing list archives
Re: Sessions Resource Exhaustion
From: H D Moore <sflist () digitaloffense net>
Date: Fri, 12 Oct 2007 11:02:42 -0500
This is called marketing :-) If you want to support DoS attacks consisting of more than 10,000 sessions, you must upgrade to a more expensive box. Even the very high-end IPS products start hitting session limits after 1-2 million concurrent sessions[1].

Session limits are common across a wide range of routers, firewalls, and inline security devices. Most devices based on BSD/ipf have a hard limit in terms of number of sessions. IIRC, the Linux iptables code will dump old sessions in favor of new (when using NAT), so there is no stoppage, but connections can get dropped.

These devices tend to be easy to DoS, but in most cases, a single service behind the device stops accepting connections before the device's own state table is filled. If you can fill the state table using just SYN packets (without doing a full session setup), then the device in question is just crap :-)

-HD

1. <spam>My company's product (the BPS-1000) tests up to 5,000,000 concurrent application sessions at once. In the lab, we see very few products that can handle more than 500,000. Our new 10G product (BPS-10000) can push 7,500,000 concurrent sessions.</spam>

On Thursday 11 October 2007, Ravi Chunduru wrote:
Can I say that these devices are vulnerable to simple DoS attacks?
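
Added example, not part of the original post: a toy Python model of the two full-table behaviours the message describes (a hard session limit versus dumping old sessions in favor of new ones) and of how a short timeout on SYN-only entries keeps them from filling the table. The class, the capacity of 100, the 5-second half-open timeout and the traffic counts are all assumptions made for illustration; this is not ipf, iptables or any vendor's implementation.

```python
from collections import OrderedDict

class StateTable:
    """Toy session table; a constructed model, not any product's code."""
    def __init__(self, capacity, policy, half_open_ttl=None):
        self.capacity = capacity            # maximum tracked sessions
        self.policy = policy                # "hard_limit" or "evict_oldest"
        self.half_open_ttl = half_open_ttl  # seconds a SYN-only entry lives; None = forever
        self.entries = OrderedDict()        # flow -> [state, created_at], oldest first
        self.refused = 0                    # new sessions rejected because the table was full
        self.evicted = 0                    # tracked sessions dropped to make room

    def _expire(self, now):
        # Remove half-open entries that have outlived the half-open timeout.
        if self.half_open_ttl is None:
            return
        for flow, (state, created) in list(self.entries.items()):
            if state == "half_open" and now - created >= self.half_open_ttl:
                del self.entries[flow]

    def syn(self, flow, now):
        """Track a new flow on its SYN; return False if the table refuses it."""
        self._expire(now)
        if flow in self.entries:
            return True
        if len(self.entries) >= self.capacity:
            if self.policy == "hard_limit":
                self.refused += 1
                return False
            self.entries.popitem(last=False)  # drop the oldest session
            self.evicted += 1
        self.entries[flow] = ["half_open", now]
        return True

    def establish(self, flow):
        """Handshake completed: mark the flow established."""
        self.entries[flow][0] = "established"

def simulate(policy, half_open_ttl):
    """50 completed sessions, then 1,000 SYN-only flows, then one late client."""
    table = StateTable(100, policy, half_open_ttl)
    for i in range(50):
        table.syn(("client", i), now=0)
        table.establish(("client", i))
    for i in range(1000):                     # one SYN per second, never completed
        table.syn(("syn-only", i), now=1 + i)
    late_ok = table.syn(("client", "late"), now=1001)
    kept = sum(1 for state, _ in table.entries.values() if state == "established")
    return kept, late_ok, table.refused, table.evicted
```

`simulate` returns (established sessions kept, late client admitted, refused, evicted): with no half-open timeout the hard limit gives `(50, False, 951, 0)` and evict-oldest gives `(0, True, 0, 951)`, so one policy blocks new clients and the other drops existing ones. With the 5-second half-open timeout the table never fills and both policies return `(50, True, 0, 0)`.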