Re: [fw-wiz] Firewalls that generate new packets..
I definitely don't classify (2) as a DOS problem. An application/operating
system that crashes because of a bug is presumably fixable. Crashing
something because of bad data is just as likely to happen anyway, without
there needing to be some sort of special attack.
On a well configured network, (3) is going to be almost the same as (1),
so I don't believe there's any point in drawing a distinction. The general
idea is that the target host is given more work than it can cope with and
thus fails to respond in a useful manner.
Darden, Patrick S. wrote:
> I believe you are missing the point. Three types of DOS
>
> 1. bandwidth flood--several dos and most ddos, smurf,
> stacheldraht, only way to protect against them is to
> prevent them, only way to prevent them is if all networks
> protect others from themselves.
>
> 2. purposely (mal)shaped packets--teardrop, ping of death, etc.;
> any good firewall prevents known examples.
>
> 3. application shaped--e.g. sending a continuous stream of
> connection packets to an apache web server, letting them time
> out at 15 minutes, thus keeping others from connecting; etc.
> Most security features provide *very limited* relief from this,
> limiting the # of connections from the same sip, decreasing
> tcp timeout from 15 mins to 30 seconds, etc.
>
> Helpful?
>
> --Patrick Darden
>
>
>
> -----Original Message-----
> >....
> >http://www.sans.org/dosstep/index.php?portal=fa88d69a3aede10976f8f2dc977d796e
> >
>
> I see nothing in that article that explains how a firewall
> can be used to defend against a DOS (or DDOS) attack.
>
> All I see is how to avoid yourself from being used as the
> source of one - where source IP addresses are forged.
>
> When I've got an army of 100,000 pc's scattered around
> the globe ready to try and connect() to your web server
> (without spoofing an IP#), how does anything in that
> article help?
>
> Darren
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards