Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 30 Nov 2007 02:11:00 -0800

I definitely don't classify (2) as a DOS problem.  An application/operating
system that crashes because of a bug is presumably fixable.  Crashing
something because of bad data is just as likely to happen anyway, without
there needing to be some sort of special attack.

On a well configured network, (3) is going to be almost the same as (1),
so I don't believe there's any point in drawing a distinction.  The general
idea is that the target host is given more work than it can cope with and
thus fails to respond in a useful manner.


Darden, Patrick S. wrote:
I believe you are missing the point.  Three types of DOS

1.  bandwidth flood--several dos and most ddos, smurf, 
stacheldraht, only way to protect against them is to 
prevent them, only way to prevent them is if all networks 
protect others from themselves.

2.  purposely (mal)shaped packets--teardrop, ping of death, etc.; 
any good firewall prevents known examples.

3.  application shaped--e.g. sending a continuous stream of
connection packets to an apache web server, letting them time 
out at 15 minutes, thus keeping others from connecting; etc.
Most security features provide *very limited* relief from this,
limiting the # of connections from the same sip, decreasing
tcp timeout from 15 mins to 30 seconds, etc.

Helpful?

--Patrick Darden



-----Original Message-----

....
http://www.sans.org/dosstep/index.php?portal=fa88d69a3aede10976f8f2dc977d796e
 


I see nothing in that article that explains how a firewall
can be used to defend against a DOS (or DDOS) attack.

All I see is how to avoid yourself from being used as the
source of one - where source IP addresses are forged.

When I've got an army of 100,000 pc's scattered around
the globe ready to try and connect() to your web server
(without spoofing an IP#), how does anything in that
article help?

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
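
Added example, not part of any post in this thread: a toy Python model of the two mitigations named in item 3 (a per-source connection cap and a shorter timeout), replayed against one noisy source and against many distinct non-spoofed sources. The `ConnTable` class, the slot counts and all addresses are constructed assumptions, not a real firewall API.

```python
"""Toy model of a per-source connection cap plus idle timeout (constructed)."""
from collections import Counter

class ConnTable:
    """Hypothetical server connection table; not a real firewall API."""

    def __init__(self, max_slots, per_source_cap, idle_timeout):
        self.max_slots = max_slots            # total connections the server can hold
        self.per_source_cap = per_source_cap  # concurrent connections allowed per source IP
        self.idle_timeout = idle_timeout      # seconds before an idle connection is reaped
        self.conns = []                       # (source_ip, opened_at), never sends data

    def reap(self, now):
        """Drop connections that have been idle for idle_timeout seconds or more."""
        self.conns = [(ip, t) for ip, t in self.conns if now - t < self.idle_timeout]

    def connect(self, ip, now):
        """Return 'accepted', 'source_capped' or 'table_full'."""
        self.reap(now)
        if sum(1 for src, _ in self.conns if src == ip) >= self.per_source_cap:
            return "source_capped"
        if len(self.conns) >= self.max_slots:
            return "table_full"
        self.conns.append((ip, now))
        return "accepted"

def run(table, events):
    """Replay (time, source_ip) connection attempts and count each outcome."""
    return Counter(table.connect(ip, t) for t, ip in events)

def single_source():
    """One source makes 200 attempts; then a legitimate client connects."""
    table = ConnTable(max_slots=100, per_source_cap=5, idle_timeout=900)
    outcome = run(table, [(0, "192.0.2.10")] * 200)
    return outcome, table.connect("198.51.100.7", 1)

def many_sources(idle_timeout, rounds, legit_at):
    """200 distinct sources open one idle connection each at every time in rounds."""
    table = ConnTable(max_slots=100, per_source_cap=5, idle_timeout=idle_timeout)
    sources = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(200)]
    outcome = run(table, [(when, ip) for when in rounds for ip in sources])
    return outcome, table.connect("198.51.100.7", legit_at)

if __name__ == "__main__":
    print("single source, 15 min timeout:", single_source())
    print("many sources, 15 min timeout: ", many_sources(900, [0], 1))
    print("many sources, 30 s timeout:   ", many_sources(30, [0], 31))
    print("many sources, repeat at 30 s: ", many_sources(30, [0, 30], 31))
```

In this model the per-source cap contains the single source, while the distinct sources stay under the cap and still fill the table; the 30-second timeout frees slots only until those sources connect again.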