Re: Denial of Service: Commercial Defense products



If you set the timeout to less than 3 seconds, the system would be blocking
everything including legitimate connection.
The solution will be to increase the cache size.

On 12/16/05, FinAckSyn <finacksyn@xxxxxxxxxxx> wrote:
> Hi Avi,
>
> The big problem I had with RadWare DefensePro (this
> was about a year ago), was that I couldn't set the SYN
> cache timeout to anything less than 3 seconds. As the
> cache could only hold 64,000 SYNs, any SYN Flood
> larger than 64,000/3 = 21,333 SYN/s would completely
> fill the cache.
> This spelt disaster every time a SYN flood hit the
> network, as invalid SYNs filled up the cache, leaving
> no space for new, legitimate connections to be setup.
> True, the SYN Flood was mitigated, but at the expense
> of any new connections (existing ones were preserved),
> which is generally bad if you're dealing with critical
> applications and web presences.
> I would love to hear from RadWare as to whether or not
> this limitation has actually being fixed, and if it
> has, how their new technology now fares against the
> more mature mitigation products such as TopLayer and
> Riverhead.
>
> Rgds,
>
> Matt
>
> --- avi chesla <chess4_4@xxxxxxxxxxx> wrote:
>
> > Hi, You shoould also consider Rdaware's DefensePro
> > with their new behavioral
> > based DDoS protection.
> >
> > Avi
> >
> >
> > >From: Devdas Bhagat <devdas@xxxxxxxxxxxxxxxxx>
> > >Reply-To: Devdas Bhagat <devdas@xxxxxxxxxxxxxxxxx>
> > >To: focus-ids@xxxxxxxxxxxxxxxxx
> > >Subject: Re: Denial of Service: Commercial Defense
> > products
> > >Date: Thu, 24 Nov 2005 21:59:41 +0530
> > >
> > >On 22/11/05 16:43 +0700, Ogle wrote:
> > > > Hi,
> > > > I have an ISP customer who want to protect their
> > network and their
> > > > subscriber's network.
> > > > In "Internet Denial of Service: Attack and
> > Defense Mecahnisms" book, I
> > > > noticed 7 commercial products.
> > > > 1. Mazu Enforcer by Mazu Networks
> > > > 2. Peakflow by Arbor Networks
> > > > 3. WS Series Apliances by Webscreen Technologies
> > > > 4. Captus IPS by Captus Networks
> > > > 5. MANAnet Shield by CS3
> > > > 6. Cisco Traffic Anomaly Detector XT and Cisco
> > Guard XT
> > > > 7. StealthWatch by Lancope
> > > >
> > > > Since I'm new with this type of products, is
> > there any reference out
> > > > there to help me choose the right solution to my
> > customer ?
> > > > Is there any problem if I use IPS (ie:
> > TippingPoint, McAfee) for this
> > >solution ?
> > >
> > >What kind of DoS? Is this a simple packet flooding
> > choking the pipe? Is
> > >this an application layer attack? Syn floods?
> > Physical damage to links?
> > >
> > >Devdas Bhagat
> > >
> >
> >------------------------------------------------------------------------
> > >Test Your IDS
> > >
> > >Is your IDS deployed correctly?
> > >Find out quickly and easily by testing it
> > >with real-world attacks from CORE IMPACT.
> > >Go to
> >
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> > >to learn more.
> >
> >------------------------------------------------------------------------
> > >
> >
> >
> _________________________________________________________________
> > Express yourself instantly with MSN Messenger!
> > Download today it's FREE!
> >
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> >
> >
> >
> ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it
> > with real-world attacks from CORE IMPACT.
> > Go to
> >
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> >
> > to learn more.
> >
> ------------------------------------------------------------------------
> >
> >
>
>
>
>
> ___________________________________________________________
> To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------