I definately don't classify (2) as a DOS problem. An application/operating
system that crashes because of a bug is presumably fixable. Crashing
something because of bad data is just as likely to happen anyway, without
there needing to be some sort of special attack.

On a well configured network, (3) is going to be almost the same as (1),
so I don't believe there's any point in drawing a distinction. The general
idea is that the target host is given more work than it can cope with and
thus fails to respond in a useful manner.


Darden, Patrick S. wrote:
> I believe you are missing the point. Three types of DOS
>
> 1. bandwidth flood--several dos and most ddos, smurf,
> stacheldraht, only way to protect against them is to
> prevent them, only way to prevent them is if all networks
> protect others from themselves.
>
> 2. purposely (mal)shaped packets--teardrop, ping of death, etc.;
> any good firewall prevents known examples.
>
> 3. application shaped--e.g. sending a continuous stream of
> connection packets to an apache web server, letting them time
> out at 15 minutes, thus keeping others from connecting; etc.
> Most security features provide *very limited* relief from this,
> limiting the # of connections from the same sip, decreasing
> tcp timeout from 15 mins to 30 seconds, etc.
>
> Helpful?
>
> --Patrick Darden
>
>
>
> -----Original Message-----
>
> >....
> >http://www.sans.org/dosstep/index.ph...f8f2dc977d796e
> >
> >

>
> I see nothing in that article that explains how a firewall
> can be used to defend against a DOS (or DDOS) attack.
>
> All I see is how to avoid yourself from being used as the
> source of one - where source IP addresses are forged.
>
> When I've got an army of 100,000 pc's scattered around
> the globe ready to try and connect() to your web server
> (without spoofing an IP#), how does anything in that
> article help?
>
> Darren
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards