Darden, Patrick S. wrote:

>No offense, but both of you are wrong.
>Properly configured, a simple firewall
>CAN prevent most DOS attacks.
>
>Check out this SANS bulletin on
>"Defeating DDOS". Yes, that is my
>name in the credits. Special task
>force back in 2000. Sigh, and still
>people don't know that you can use
>a simple firewall to defeat most
>DOS attacks... as long as you are
>protecting the world from YOUR
>network.
>....
>http://www.sans.org/dosstep/index.ph...f8f2dc977d796e
>
>


I see nothing in that article that explains how a firewall
can be used to defend against a DOS (or DDOS) attack.

All I see is how to avoid yourself from being used as the
source of one - where source IP addresses are forged.

When I've got an army of 100,000 pc's scattered around
the globe ready to try and connect() to your web server
(without spoofing an IP#), how does anything in that
article help?

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards