Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 28 Nov 2007 13:28:23 -0500

Darden, Patrick S. wrote:
> No offense, but both of you are wrong.
> Properly configured, a simple firewall
> CAN prevent most DOS attacks.

Sure! It can block most of the current crop. But
there's no way a firewall can prevent a bandwidth
consumption attack. At the very least for the simple
reason that the attack can take place upstream of
the firewall or against the link leading to the firewall.

It's important not to confuse something that can
help against a wide variety of attacks (nothing wrong
with that) with a solution to the problem.

mjr. 
