Vulnerability Development mailing list archives
Re: Firewall-1 and ISA D.o.S.
From: Lincoln Yeoh <lyeoh () pop jaring my>
Date: Tue, 19 Feb 2002 10:01:03 +0800
At 12:43 PM 18-02-2002 -0000, overclocking_a_la_abuela () hotmail com wrote:
In-Reply-To: <3.0.5.32.20020218085949.012f4100@192.228.128.13> When you stop the attack, the firewall recovers, but think that in the case of ISA D.o.S. I´m sending spoofed packets so it will be more difficult to find the attacker ( if you have not IDS or similar ).
How fast are the packets being sent? 10Mbps? Or something a lot lower like 100kbps? If it's low then it's a problem, if 10Mbps then in most cases I still don't think it's a big problem (unless your firewall is supposed to be a 100Mbps or 1Gbps rate firewall - is the firewall tested speced for 100Mbps?). Have you tried rate limiting the packets to see if you can get the same effects at lower bandwidths? That would be interesting. Because with high bandwidth usage and the transient effects it shouldn't be too difficult to quickly figure out which port to unplug/disable - unplug the right blinking port and everything is back to normal. If the attacker is inside then if it keeps happening, it might not be as difficult to find the perpetrator... If the attacker an external and sending a trojan inside then in the case of the ISA (or if proxy servers are required) the attacker has to figure out the relevant internal IPs. Furthermore if the attacker can successfully plant a trojan inside, a transient DoS like this would be welcome compared to all the other things possible (e.g. remote controlled trojan). Almost like someone sneaking in to the office and shouting continuously "arrest me". Cheerio, Link,
Current thread:
- Firewall-1 and ISA D.o.S. overclocking_a_la_abuela (Feb 17)
- RE: Firewall-1 and ISA D.o.S. Dom De Vitto (Feb 17)
- Re: Firewall-1 and ISA D.o.S. Lincoln Yeoh (Feb 17)
- <Possible follow-ups>
- Re: Firewall-1 and ISA D.o.S. overclocking_a_la_abuela (Feb 18)
- RE: Firewall-1 and ISA D.o.S. Dom De Vitto (Feb 18)
- Re: Firewall-1 and ISA D.o.S. overclocking_a_la_abuela (Feb 18)
- Re: Firewall-1 and ISA D.o.S. Lincoln Yeoh (Feb 18)
- RE: Firewall-1 and ISA D.o.S. Jim Harrison (SPG) (Feb 18)