IDS mailing list archives
Re: Sessions Resource Exhaustion
From: jean-philippe luiggi <luiggi () info didconcept com>
Date: Sat, 13 Oct 2007 09:27:34 -0400
Hello, On Thu, 11 Oct 2007 09:14:02 -0700 "Ravi Chunduru" <ravi.is.chunduru () gmail com> wrote:
using simple tools such as hping2 and others, i am able to exhaust session resources in some firewall and IPS devices. some firewalls and IPS devices addressing small business market segments seems to be supporting maximum of 10000 sessions. these devices are not allowing any new connections if all 10000 sessions are used up. can i say that these devices are vulnerable to simple DoS attacks?
In fact, you've to take in consideration a simple thing, a security device (and a specific model) is build for a specific job, this is why there're so differents models inside a same company. To exceed the limits of designs is not a proof that a device is not good for it (aka vulnerable), just that it is not ready for that. Best regards, Jean-philippe. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Sessions Resource Exhaustion, (continued)
- Re: Sessions Resource Exhaustion Rahul K (Oct 16)
- Re: Sessions Resource Exhaustion Ravi Chunduru (Oct 16)
- Re: Sessions Resource Exhaustion Rahul K (Oct 16)
- Re: Sessions Resource Exhaustion Control Zed (Oct 18)
- Re: Sessions Resource Exhaustion K K (Oct 15)
- RE: Sessions Resource Exhaustion Nelson Brito (Oct 15)
- RE: Sessions Resource Exhaustion Ahsan Khan (Oct 15)
- Re: Sessions Resource Exhaustion Roland Dobbins (Oct 16)
- RE: Sessions Resource Exhaustion Nelson Brito (Oct 16)