Darden, Patrick S. wrote:
>No offense, but both of you are wrong.
>Properly configured, a simple firewall
>CAN prevent most DOS attacks.

Sure! It can block most of the current crop. But
there's no way a firewall can prevent a bandwidth
consumption attack. At the very least for the simple
reason that the attack can take place upstream of
the firewall or against the link leading to the firewall.

It's important not to confuse something that can
help against a wide variety of attacks (nothing wrong
with that) with a solution to the problem.


firewall-wizards mailing list