Re: [fw-wiz] Firewalls that generate new packets..
I believe you are missing the point. Three types of DOS:

1. bandwidth flood--several dos and most ddos, smurf,
stacheldraht, only way to protect against them is to
prevent them, only way to prevent them is if all networks
protect others from themselves.

2. purposely (mal)shaped packets--teardrop, ping of death, etc.;
any good firewall prevents known examples.

3. application shaped--e.g. sending a continuous stream of
connection packets to an apache web server, letting them time
out at 15 minutes, thus keeping others from connecting; etc.
Most security features provide *very limited* relief from this,
limiting the # of connections from the same sip, decreasing
tcp timeout from 15 mins to 30 seconds, etc.

Helpful?

--Patrick Darden
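An added illustration of the third category above, not code from the thread or from any product mentioned in it: a small model of a server with a fixed pool of connection slots, with the two mitigations Patrick names (a cap on concurrent connections per source IP and a short idle timeout) as tunable parameters. The slot count (256), the connection counts, the addresses (documentation ranges) and the timing of the events are all constructed for the example; `simulate` runs a single-source attacker, `simulate_distributed` spreads the same attempts across many addresses, which is the distributed case Darren raises in the quoted message.

```python
"""
Constructed model of connection-slot exhaustion ("application-shaped" DoS)
and the two mitigations discussed in the thread: a per-source-IP cap and a
short idle timeout.  All numbers and addresses are constructed examples.
"""
from dataclasses import dataclass, field


@dataclass
class SlotTable:
    max_slots: int          # total concurrent connections the server can hold
    max_per_sip: int        # cap on concurrent connections from one source IP
    idle_timeout: float     # seconds an idle connection may keep its slot
    # conn_id -> (source_ip, last_activity_time)
    conns: dict = field(default_factory=dict)
    rejected: int = 0

    def count_for(self, sip):
        """Number of live connections currently held by one source IP."""
        return sum(1 for ip, _ in self.conns.values() if ip == sip)

    def reap(self, now):
        """Drop connections idle longer than idle_timeout; return how many."""
        stale = [cid for cid, (_, last) in self.conns.items()
                 if now - last > self.idle_timeout]
        for cid in stale:
            del self.conns[cid]
        return len(stale)

    def accept(self, conn_id, sip, now):
        """Try to admit a new connection at time `now`; True if admitted."""
        self.reap(now)
        if (len(self.conns) >= self.max_slots
                or self.count_for(sip) >= self.max_per_sip):
            self.rejected += 1
            return False
        self.conns[conn_id] = (sip, now)
        return True


def attacker_rate_to_saturate(max_slots, idle_timeout):
    """Connections per second an attacker must sustain to keep every slot
    occupied with idle connections when each is reaped after idle_timeout.
    Cutting the timeout from 900 s to 30 s raises this requirement 30-fold."""
    return max_slots / idle_timeout


def simulate(max_per_sip, idle_timeout):
    """Constructed scenario: one source (203.0.113.7) opens 500 idle
    connections at t=0; a legitimate client tries to connect at t=60.
    Returns (attacker_connections_admitted, legitimate_client_admitted)."""
    table = SlotTable(max_slots=256, max_per_sip=max_per_sip,
                      idle_timeout=idle_timeout)
    attacker_admitted = sum(table.accept(f"atk-{i}", "203.0.113.7", now=0.0)
                            for i in range(500))
    legit_admitted = table.accept("client-1", "198.51.100.20", now=60.0)
    return attacker_admitted, legit_admitted


def simulate_distributed(n_sources, max_per_sip, idle_timeout):
    """Same scenario, but the 500 attempts are spread over n_sources
    addresses, so a per-source cap alone no longer protects the pool."""
    table = SlotTable(256, max_per_sip, idle_timeout)
    admitted = 0
    for i in range(500):
        sip = f"203.0.113.{i % n_sources}"      # constructed source addresses
        admitted += table.accept(f"atk-{i}", sip, now=0.0)
    legit = table.accept("client-1", "198.51.100.20", now=60.0)
    return admitted, legit


if __name__ == "__main__":
    print("no mitigation      :", simulate(max_per_sip=256, idle_timeout=900))
    print("30 s timeout only  :", simulate(max_per_sip=256, idle_timeout=30))
    print("per-IP cap of 20   :", simulate(max_per_sip=20, idle_timeout=900))
    print("cap of 20, 100 srcs:", simulate_distributed(100, 20, 900))
    print("cap + 30 s, 100 src:", simulate_distributed(100, 20, 30))
    print("rate needed, 900 s :", attacker_rate_to_saturate(256, 900))
    print("rate needed, 30 s  :", attacker_rate_to_saturate(256, 30))
```

Running it shows what the "very limited relief" amounts to: the per-source cap stops a single address from taking the whole pool but does nothing once the same attempts are spread over a hundred addresses, while the shorter timeout does free the slots in both cases, at the price of forcing the attacker to refill them 30 times faster rather than making the attack impossible.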



-----Original Message-----

....
http://www.sans.org/dosstep/index.php?portal=fa88d69a3aede10976f8f2dc977d796e
I see nothing in that article that explains how a firewall
can be used to defend against a DOS (or DDOS) attack.

All I see is how to avoid yourself from being used as the
source of one - where source IP addresses are forged.

When I've got an army of 100,000 PCs scattered around
the globe ready to try and connect() to your web server
(without spoofing an IP#), how does anything in that
article help?

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards