If I understand your email, you are saying firewalls are good at (2). I
doubt if anyone disagrees with you but that's not a huge accomplishment
for a firewall in 2007.

(1) is the huge problem area. BCP38 does encourage behavior that would
mitigate some but not all DDOS attacks of this kind. Think Estonia.

(3) is also a more important problem today than (2).

So I'm not certain that you've done much to debunk the "firewalls can't
prevent DDOS attacks" assertion.

Darden, Patrick S. wrote:
> I believe you are missing the point. Three types of DOS
>
> 1. bandwidth flood--several dos and most ddos, smurf,
> stacheldraht, only way to protect against them is to
> prevent them, only way to prevent them is if all networks
> protect others from themselves.
>
> 2. purposely (mal)shaped packets--teardrop, ping of death, etc.;
> any good firewall prevents known examples.
>
> 3. application shaped--e.g. sending a continuous stream of
> connection packets to an apache web server, letting them time
> out at 15 minutes, thus keeping others from connecting; etc.
> Most security features provide *very limited* relief from this,
> limiting the # of connections from the same sip, decreasing
> tcp timeout from 15 mins to 30 seconds, etc.
>
> Helpful?
>
> --Patrick Darden
>
>
>
> -----Original Message-----
>
>> ....
>> http://www.sans.org/dosstep/index.ph...f8f2dc977d796e
>>
>>

>
> I see nothing in that article that explains how a firewall
> can be used to defend against a DOS (or DDOS) attack.
>
> All I see is how to avoid yourself from being used as the
> source of one - where source IP addresses are forged.
>
> When I've got an army of 100,000 pc's scattered around
> the globe ready to try and connect() to your web server
> (without spoofing an IP#), how does anything in that
> article help?
>
> Darren
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards


[Attachment: dave.vcf, vCard for David Piscitello]
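An added example, not part of the original thread: a small Python model of the type 3 case, comparing the two mitigations Patrick names (a per-source connection cap and an idle timeout cut from 15 minutes to 30 seconds) against one source and against Darren's 100,000 non-spoofing sources. The 150-slot server, the cap of 10 and the worst-case ordering are assumptions.

```python
from collections import Counter

def legit_success(sources, per_ip_limit, idle_timeout, max_slots=150, duration=600):
    """Fraction of seconds in which a legitimate client finds a free slot.

    Constructed worst case: every second each hostile source opens as many
    idle connections as the server lets it, before the legitimate client tries.
    An idle connection holds its slot until idle_timeout seconds have passed.
    """
    open_conns = []                      # (source_ip, expiry_second)
    served = 0
    for now in range(duration):
        # Reap connections whose idle timer has run out.
        open_conns = [(ip, exp) for ip, exp in open_conns if exp > now]
        per_ip = Counter(ip for ip, _ in open_conns)
        for ip in range(sources):
            while len(open_conns) < max_slots and (
                    per_ip_limit is None or per_ip[ip] < per_ip_limit):
                open_conns.append((ip, now + idle_timeout))
                per_ip[ip] += 1
            if len(open_conns) >= max_slots:
                break                    # table full, later sources are refused
        if len(open_conns) < max_slots:
            served += 1                  # legitimate request gets a slot
    return served / duration

def scenarios():
    """The thread's three cases; 150 slots and a cap of 10 are assumed values."""
    return {
        "one source, 15 min timeout, no cap": legit_success(1, None, 900),
        "one source, 30 s timeout, cap 10": legit_success(1, 10, 30),
        "100,000 sources, 30 s timeout, cap 10": legit_success(100_000, 10, 30),
    }

if __name__ == "__main__":
    for name, rate in scenarios().items():
        print(f"{name}: {rate:.0%} of legitimate attempts served")
```

In this model the cap and shorter timeout restore service against a single source and change nothing once the connections come from many distinct addresses, which matches the "very limited relief" described in the thread.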