I believe you are missing the point. Three types of DOS

1. bandwidth flood--several dos and most ddos, smurf,
stacheldraht, only way to protect against them is to
prevent them, only way to prevent them is if all networks
protect others from themselves.

2. purposely (mal)shaped packets--teardrop, ping of death, etc.;
any good firewall prevents known examples.

3. application shaped--e.g. sending a continuous stream of
connection packets to an apache web server, letting them time
out at 15 minutes, thus keeping others from connecting; etc.
Most security features provide *very limited* relief from this,
limiting the # of connections from the same sip, decreasing
tcp timeout from 15 mins to 30 seconds, etc.

Helpful?

--Patrick Darden



-----Original Message-----

>....
>http://www.sans.org/dosstep/index.ph...f8f2dc977d796e
>
>


I see nothing in that article that explains how a firewall
can be used to defend against a DOS (or DDOS) attack.

All I see is how to avoid yourself from being used as the
source of one - where source IP addresses are forged.

When I've got an army of 100,000 pc's scattered around
the globe ready to try and connect() to your web server
(without spoofing an IP#), how does anything in that
article help?

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards