Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..

From: "Darden, Patrick S." <darden () armc org>
Date: Thu, 29 Nov 2007 08:33:10 -0500


I believe you are missing the point.  Three types of DOS

1.  bandwidth flood--several dos and most ddos, smurf, 
stacheldraht, only way to protect against them is to 
prevent them, only way to prevent them is if all networks 
protect others from themselves.

2.  purposely (mal)shaped packets--teardrop, ping of death, etc.; 
any good firewall prevents known examples.

3.  application shaped--e.g. sending a continuous stream of
connection packets to an apache web server, letting them time 
out at 15 minutes, thus keeping others from connecting; etc.
Most security features provide *very limited* relief from this,
limiting the # of connections from the same sip, decreasing
tcp timeout from 15 mins to 30 seconds, etc.

Helpful?

--Patrick Darden



-----Original Message-----

....
http://www.sans.org/dosstep/index.php?portal=fa88d69a3aede10976f8f2dc977d796e


I see nothing in that article that explains how a firewall
can be used to defend against a DOS (or DDOS) attack.

All I see is how to avoid yourself from being used as the
source of one - where source IP addresses are forged.

When I've got an army of 100,000 pc's scattered around
the globe ready to try and connect() to your web server
(without spoofing an IP#), how does anything in that
article help?

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewalls that generate new packets.., (continued)
- - - Re: Firewalls that generate new packets.. Paul Melson (Nov 27)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 27)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 27)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 27)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 27)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
    - Re: Firewalls that generate new packets.. Jerry B. Altzman (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 28)
    - ***SPAM*** Re: Firewalls that generate new packets.. Dave Piscitello (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 29)
    - Re: Firewalls that generate new packets.. Darren Reed (Nov 30)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 30)
    - Re: Firewalls that generate new packets.. Fetch, Brandon (Nov 30)
    - ***SPAM*** Re: Firewalls that generate new packets.. Dave Piscitello (Nov 30)
    - Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 28)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 28)
    - Re: Firewalls that generate new packets.. Darden, Patrick S. (Nov 28)
    - Re: Firewalls that generate new packets.. Tina Bird (Nov 27)

(Thread continues...)