Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established

R. B. Riddick wrote, on 11/11/06 20:33:
Stateful rules can stop the sophisticated intruder, but are often more vulnerable to DoS attacks.

Hmm... You mean, when someone creates a lot of states? At least pf can limit that...


"Limit" means that some packets (connections, states) are denied. The remaining question is whether the algorithm is smart enough to limit the attacker's packets but not legitimate connections (or, at least, to try to block the attacker and try not to block legitimate connections), especially against an attacker with full knowledge of the algorithm.

But here it looks like just the good guys can create a state (from the
good-network via the public network to the trusted web sites), so that states
can't hurt, I think...

Yes, in that case you are right.


AKA: dan@xxxxxxxxx, dan@xxxxxxxxxx,dan@xxxxxxxxxxxxxxxxx
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
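As an added illustration of the "pf can limit that" point discussed above (example configuration written for this page, not from either poster), here is a pf.conf fragment that caps per-source state creation on the rule letting the good network out to web sites. Interface names and the 192.0.2.0/24 network are placeholders.

```pf
# Added example (not from the thread): per-source state limits in pf.
# Interface and network names are placeholders.
ext_if   = "em0"
int_if   = "em1"
good_net = "192.0.2.0/24"          # the "good network" behind the firewall

# Global ceiling on the state table, so exhaustion fails closed rather than
# taking the kernel down with it.
set limit states 20000

# Sources that exceed the limits below are collected here and blocked.
table <abusers> persist
block in quick on $int_if from <abusers>

# Weak: an unlimited stateful rule. Any internal host (or a compromised one)
# can create states until the table is full, starving everyone else.
# pass in on $int_if inet proto tcp from $good_net to any port { 80 443 } \
#     flags S/SA keep state

# Stronger: cap concurrent states per source and the rate of new connections.
#   max-src-states 200      one internal address may hold at most 200 states
#   max-src-conn-rate 30/10 more than 30 new connections in 10 seconds trips
#                           the overload: the source goes into <abusers> and
#                           its existing states are flushed
pass in on $int_if inet proto tcp from $good_net to any port { 80 443 } \
    flags S/SA keep state \
    (max-src-states 200, max-src-conn-rate 30/10, \
     overload <abusers> flush)

# Caveat matching the thread: the limit is per source address. If several
# legitimate users share one NAT address, a single misbehaving client pushes
# the shared address into <abusers>, and anyone who knows the thresholds can
# aim for exactly that. Review and clear the table with:
#   pfctl -t abusers -T show
#   pfctl -t abusers -T delete 192.0.2.42
```

Tune the thresholds from observed traffic (pfctl -si and pfctl -ss show state counts) before enforcing them, since a limit set below normal peak load is itself a self-inflicted outage.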
