No offense, but both of you are wrong.
Properly configured, a simple firewall
CAN prevent most DOS attacks.

Check out this SANS bulletin on
"Defeating DDOS". Yes, that is my
name in the credits. Special task
force back in 2000. Sigh, and still
people don't know that you can use
a simple firewall to defeat most
DOS attacks... as long as you are
protecting the world from YOUR
network.

Yes, that sigh of mine was ironic
and facetious ;-) Here's a
hankie to wipe that egg off
your face....

http://www.sans.org/dosstep/index.ph...f8f2dc977d796e


--p


Darren Reed said:

Marcus J. Ranum wrote:

>
>Let's take MITM and DOS off the table. No firewall will
>protect you against either of those.
>
>


Understanding what DOS is appears to be a problem for a
*lot* of people. Lots of people seem to fail to understand
what the real problem is - the saturation of your network
(connection) with packets that you don't want anything to
do with at a point at which you've got no control over.

What's more, people seem to think that you can just filter
out DOS attacks. Will someone please give me a cricket
bat (or baseball bat) so I can apply some proper instruction?
*sigh*

As Marcus said, no firewall, be it stateless, stateful, proxy,
or otherwise can help you against DOS.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards