IDS mailing list archives
Re: Sessions Resource Exhaustion
From: "Ravi Chunduru" <ravi.is.chunduru () gmail com>
Date: Tue, 16 Oct 2007 00:00:37 -0700
Thank you all for responding. It was really helpful.

Even with 500 packets/sec on UDP:500 (with different source IP addresses), I could exhaust all states in my SME firewall. Imagine that this firewall is kept in a real network. By using a fraction of bandwidth, about 256 kbps, one can shut this network off from any outside communication. Any security device is expected to increase network protection, not take it away.

I had some takeaways from this discussion. Select a security device that provides:

* setting idle timeouts based on port number (service). For UDP:500, it can be as low as 20 seconds.
* settings to limit the number of states for UDP traffic.
* some kind of random drop or session rate policing once a session flood condition is detected.
* a higher number of states for a given price point.

Thank you again,
Ravi

On 10/11/07, Ravi Chunduru <ravi.is.chunduru () gmail com> wrote:
> Using simple tools such as hping2 and others, I am able to exhaust session resources in some firewall and IPS devices. Some firewalls and IPS devices addressing small business market segments seem to support a maximum of 10000 sessions. These devices do not allow any new connections if all 10000 sessions are used up. Can I say that these devices are vulnerable to simple DoS attacks?
>
> Thanks,
> Ravi
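
An added illustration, not part of the original post or thread: a small Python model of the state-table accounting discussed above, comparing an idle timeout on its own with a timeout combined with a per-protocol state limit. The 10000-session table and 500 new flows/sec come from the messages; the 60-second default timeout, the 8000-state UDP cap and the one-TCP-attempt-per-second load are assumptions.

```python
from collections import deque

TABLE_SIZE = 10_000   # session limit mentioned in the thread
FLOOD_RATE = 500      # new UDP:500 flows per second, as in the post

def simulate(udp_timeout, udp_cap=None, seconds=120, tcp_timeout=300):
    """Model a state table for `seconds`; return (peak_udp, tcp_refused).

    udp_timeout: idle timeout (s) for UDP:500 states
    udp_cap:     max states UDP may occupy, None = no per-protocol limit
    Assumed: one legitimate TCP connection attempt per second.
    """
    udp, tcp = deque(), deque()      # expiry times, oldest first
    peak_udp = tcp_refused = 0
    for now in range(seconds):
        # Expire idle states; single-packet flows are never refreshed.
        for table in (udp, tcp):
            while table and table[0] <= now:
                table.popleft()
        # Every packet has a new source address, so each needs a new state.
        for _ in range(FLOOD_RATE):
            full = len(udp) + len(tcp) >= TABLE_SIZE
            capped = udp_cap is not None and len(udp) >= udp_cap
            if full or capped:
                break                # rest of this second's packets are dropped
            udp.append(now + udp_timeout)
        peak_udp = max(peak_udp, len(udp))
        # The legitimate TCP attempt arrives after the UDP packets (worst case).
        if len(udp) + len(tcp) < TABLE_SIZE:
            tcp.append(now + tcp_timeout)
        else:
            tcp_refused += 1
    return peak_udp, tcp_refused

def compare():
    """Three policies; the 60 s default timeout is an assumed value."""
    return {
        "60 s timeout, no cap": simulate(udp_timeout=60),
        "20 s timeout, no cap": simulate(udp_timeout=20),
        "20 s timeout, UDP cap 8000": simulate(udp_timeout=20, udp_cap=8000),
    }

if __name__ == "__main__":
    for policy, (peak, refused) in compare().items():
        print(f"{policy:28} peak UDP states={peak:5}  TCP refused={refused}")
```

At 500 new flows/sec a 20-second timeout still lets UDP hold about 500 × 20 = 10000 states, the whole table in this model, so it is the per-protocol limit that keeps room for other traffic.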