IDS mailing list archives

RE: Sessions Resource Exhaustion


From: "Nelson Brito" <nbrito () sekure org>
Date: Mon, 15 Oct 2007 15:57:51 -0300

Please read the definition of DoS Attacks.

      I believe any firewall will be a victim if we set up a 
test launching the attack in a LAB and let the resources get tanked. 

Sorry, I don't need to read the detailed definition of DoS to know:
- You have a 100 Mbps network;
- You buy / deploy a 10 Mbps Firewall / IPS;
- You're DONE!!!

You cannot expect your New Beetle to have the same horsepower as a Ferrari,
just like that.

That's pure math and doesn't mean you are under a DoS attack; it means that
you didn't do your homework or didn't have the appropriate budget to
protect your assets.


      IPS can take care of many of these but an attacker can 
still modify the packet size and exhaust memory due to large 
packet size.

Now we are talking about a design flaw.

      Hence when buying these solutions one needs to 
understand the network architecture of their network, available 
bandwidth and number of sessions vs. resources calculations 
to size their firewall and IPS solution. This would create 
enough cushion for an administrator to react and remedy an attack.

Actually, I have no idea what your point is here... :-D

