Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: Darren Reed <Darren.Reed () Sun COM>
Date: Wed, 28 Nov 2007 13:30:12 -0800

Darden, Patrick S. wrote:

No offense, but both of you are wrong.
Properly configured, a simple firewall
CAN prevent most DOS attacks.  

Check out this SANS bulletin on 
"Defeating DDOS".  Yes, that is my
name in the credits. Special task
force back in 2000.  Sigh, and still
people don't know that you can use
a simple firewall to defeat most
DOS attacks... as long as you are
protecting the world from YOUR 
network.
....
http://www.sans.org/dosstep/index.php?portal=fa88d69a3aede10976f8f2dc977d796e
 


I see nothing in that article that explains how a firewall
can be used to defend against a DOS (or DDOS) attack.

All I see is how to avoid being used as the
source of one - where source IP addresses are forged.

When I've got an army of 100,000 PCs scattered around
the globe ready to try and connect() to your web server
(without spoofing an IP#), how does anything in that
article help?

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

