Re: Sessions Resource Exhaustion

["Control Zed" <cntlzed () gmail com>]

On 10/13/07, Ravi Chunduru <ravi.is.chunduru () gmail com> wrote:
> On 10/12/07, H D Moore <sflist () digitaloffense net> wrote:
> > This is called marketing :-) If you want to support DoS attacks consisting
> > of more 10,000 sessions, you must upgrade to a more expensive box. Even
> > the very high-end IPS products start hitting session limits after 1-2
> > million concurrent sessions[1].
>
> i understand :-).  is it not too expensive for small and medium businesses?

So you would need to go with some rule of thumb. You would know what
your organization needs and choose accordingly.

If you have a 100 systems behind the box, then even if each of them
have a 100 sessions open at any time instance, then you would need
something that supports 10,000 sessions. Since all 100 may not have
100 sessions at the same time, things would roughly get evened out.
Some servers may have a large number of sessions open for a short
duration, others vice-versa.

And SMEs may be anything between 50-500 employees.

~Z

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------