Re: [fw-wiz] Firewalls that generate new packets..
- From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
- Date: Wed, 28 Nov 2007 13:28:23 -0500
Darden, Patrick S. wrote:
No offense, but both of you are wrong.
Properly configured, a simple firewall
CAN prevent most DOS attacks.
Sure! It can block most of the current crop. But
there's no way a firewall can prevent a bandwidth
consumption attack. At the very least for the simple
reason that the attack can take place upstream of
the firewall or against the link leading to the firewall.
It's important not to confuse something that can
help against a wide variety of attacks (nothing wrong
with that) with a solution to the problem.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- Re: [fw-wiz] Firewalls that generate new packets..
- From: Darren Reed
- Re: [fw-wiz] Firewalls that generate new packets..
- From: Darden, Patrick S.
- Re: [fw-wiz] Firewalls that generate new packets..
- Prev by Date: Re: [fw-wiz] Firewalls that generate new packets..
- Next by Date: Re: [fw-wiz] Firewalls that generate new packets..
- Previous by thread: Re: [fw-wiz] Firewalls that generate new packets..
- Next by thread: Re: [fw-wiz] Firewalls that generate new packets..
- Index(es):
Relevant Pages
|
