IDS mailing list archives
RE: Sessions Resource Exhaustion
From: "Ahsan Khan" <jahilkhan () verizon net>
Date: Sat, 13 Oct 2007 12:01:57 -0400
Please read the definition of DoS attacks. I believe any firewall will be a victim if we set up a test launching the attack in a lab and let the resources tank. An IPS can take care of many of these, but an attacker can still modify the packet size and exhaust memory due to large packet size. Hence, when buying these solutions, one needs to understand the architecture of their network, available bandwidth, and number of sessions vs. resources calculations to size their firewall and IPS solution. This would create enough cushion for an administrator to react and remedy an attack.

Regards
Ahsan Khan
ahsank () jahil net

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nelson Brito
Sent: Friday, October 12, 2007 12:51 PM
To: 'Ravi Chunduru'; focus-ids () securityfocus com
Subject: RE: Sessions Resource Exhaustion

No, it does not mean the IPS and/or Firewall is vulnerable... It means that the IPS and/or Firewall was designed to handle this amount.

In fact, before you blame the IPS and/or Firewall you should consult the specifications to be sure you are reaching the device's limit. If the limit differs from the specification then you have a design flaw, and you can say that it is vulnerable; otherwise it means that the IPS and/or Firewall is designed to work in small business, and if you need, want or desire to handle more connections / sessions you, or even the IPS and/or Firewall designer (usually the vendor or the partner), should do the homework...

Just to add more on this topic, I want to point out that session limitations are difficult to understand and address if you don't know exactly what environment you are trying to protect. In some cases you have extraordinarily complex environments that you have to study deeply to do your device sizing.

Best regards.
Nelson Brito
nbrito () sekure org
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ravi Chunduru
Sent: Thursday, October 11, 2007 1:14 PM
To: focus-ids () securityfocus com
Subject: Sessions Resource Exhaustion

Using simple tools such as hping2 and others, I am able to exhaust session resources in some firewall and IPS devices. Some firewalls and IPS devices addressing small business market segments seem to be supporting a maximum of 10000 sessions. These devices are not allowing any new connections if all 10000 sessions are used up.

Can I say that these devices are vulnerable to simple DoS attacks?

thanks
Ravi

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------