A DOS attack is based on making more requests than the
devices receiving the requests can handle.  A true
attack is launched from many locations at the same
time and can cripple nearly any network device that is
involved on the receiving end. When traffic is
disallowed by the firewall, the firewall still has to
determine that it is not allowed (whether by default
as you say or not), so enough of this rejected traffic
can still bring you down.  Also, typically a DOS attack
is launched against Web servers in a DMZ that must
allow HTTP(80) to function.  The chances of someone
launching a DOS attack on just any old firewall or
webserver are slim to none; what fun would that be?
Everybody wants to bring down the big guys.

Checkpoint, the leading firewall in the industry has
attempted to develop their software (SYNDEFENDER) to
stop DOS attacks and in real world tests it failed
miserably.  

remember syn syn/ack ack  


    
--- Zachary Uram <[EMAIL PROTECTED]> wrote:
> so then firewall totally helpless to DoS attack?
> that sounds really bad
> there must be some way around this
> such as all packets are encrypted to u and are
> ignored by default
> 
> On Thu, 7 Jun 2001, patrick kerry wrote:
> 
> > There is no mechanism to stop a DOS attack on the
> > Firebox.  Actually on most firewalls a true DOS attack
> > is impossible to stop.  Have your Firewall admin
> > allow the ICMP packets inbound from only that mail
> > server (host).  I doubt if your ISP will launch a DOS
> > attack against you, even if they did you would be
> > helpless against it.
> > --- Barry George <[EMAIL PROTECTED]> wrote:
> > > Hi All, 
> > >  
> > > We have a Firebox II setup stopping most of what
> > > we don't want.
> > > Everything has been running nicely, then our
> > > city-run ISP installed a new mail server. We found
> > > that mail from its domain was being slowed down or
> > > blocked. On inspection it turns out that our
> > > firewall was being hit constantly by their mail
> > > server destined for our mail server. Seems they are
> > > sending ICMP packets for PMTU discovery, so the
> > > Firebox sees these ICMP packets as a possible DoS
> > > attack and locks out the domain. Seems the frequency
> > > has increased to several packets per second at
> > > worst.
> > > The ISP says they are just following standard
> > > RFC1191 protocols, but something has to have changed
> > > as we haven't had this problem before.
> > >
> > > If we let these through to our mail server are we
> > > opening ourselves up to attack? Sorry I don't
> > > directly configure the Firebox myself so I'm not
> > > sure what config. capabilities it has. I'd
> > > appreciate any discussion on this.
> > >
> > > Barry
> > >
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Get personalized email addresses from Yahoo! Mail
> - only $35 
> > a year!  http://personal.mail.yahoo.com/
> > -
> > [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the
> message.]
> > 
> 
> 
> [EMAIL PROTECTED]
> "Blessed are those who have not seen and yet have
> faith." - John 20:29
> 



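The advice in the thread is to let RFC 1191 "Fragmentation Needed" ICMP through from the ISP's mail server only, while still treating an unexpected ICMP burst as something to throttle. The following is an added example written for this page, not code from the thread, from WatchGuard, or from any firewall product: it parses the ICMP header, checks the Internet checksum and the advertised Next-Hop MTU, and applies a hypothetical per-source rate budget with an allow-list exception. The addresses, the 5-packets-per-second threshold and the `IcmpPolicy` class are assumptions made up for the illustration; the Firebox II's real DoS heuristic is not documented in the thread and is not what this code claims to reproduce.

```python
import struct
from collections import defaultdict, deque

ICMP_DEST_UNREACH = 3
ICMP_FRAG_NEEDED = 4          # RFC 1191: "fragmentation needed and DF set"
IPV4_MIN_MTU = 68             # smallest MTU an IPv4 host must accept (RFC 791)

# Constructed sample addresses (documentation ranges, not real hosts).
MAIL_SERVER = "198.51.100.25"   # the ISP mail server we want PMTUD from
STRANGER = "203.0.113.77"       # any other source


def icmp_checksum(data: bytes) -> int:
    """Standard Internet (ones'-complement) checksum; returns 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frag_needed(next_hop_mtu: int, original: bytes = b"\x45" + b"\x00" * 27) -> bytes:
    """Construct an RFC 1191 Fragmentation Needed message (type 3, code 4).
    The trailing 28 bytes stand in for the offending datagram's IP header + 8 bytes."""
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu) + original
    csum = icmp_checksum(body)
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, csum, 0, next_hop_mtu) + original


def parse_icmp(payload: bytes) -> dict:
    """Decode the 8-byte ICMP header; for type 3/code 4 also return the Next-Hop MTU field."""
    if len(payload) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, checksum, _unused, mtu = struct.unpack("!BBHHH", payload[:8])
    info = {"type": icmp_type, "code": code, "checksum": checksum}
    if icmp_type == ICMP_DEST_UNREACH and code == ICMP_FRAG_NEEDED:
        info["next_hop_mtu"] = mtu
    return info


class IcmpPolicy:
    """Hypothetical per-source ICMP rate budget with an allow-list for PMTUD from known peers."""

    def __init__(self, allowed_pmtu_peers, max_per_window=5, window_seconds=1.0):
        self.allowed = set(allowed_pmtu_peers)
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.recent = defaultdict(deque)   # src -> timestamps of recent ICMP, any type

    def decide(self, src: str, payload: bytes, now: float) -> str:
        info = parse_icmp(payload)
        if icmp_checksum(payload) != 0:
            return "drop:bad-checksum"
        is_pmtu = "next_hop_mtu" in info
        if is_pmtu and not (IPV4_MIN_MTU <= info["next_hop_mtu"] <= 65535):
            return "drop:bogus-mtu"      # an MTU no IPv4 host could use is not a real PMTUD message
        if is_pmtu and src in self.allowed:
            return "accept:pmtud"        # the narrow exception for the ISP's mail server
        # Everything else counts against the per-source budget, so a burst from an
        # unknown source is throttled rather than letting ICMP in unconditionally.
        q = self.recent[src]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_per_window:
            return "drop:rate-limit"
        return "accept"


def demo():
    """Replay 10 Fragmentation Needed packets/s from the allow-listed mail server and from a stranger."""
    policy = IcmpPolicy(allowed_pmtu_peers={MAIL_SERVER}, max_per_window=5)
    pkt = build_frag_needed(1400)
    events = [(i * 0.1, MAIL_SERVER, pkt) for i in range(20)]
    events += [(i * 0.1, STRANGER, pkt) for i in range(20)]
    return [policy.decide(src, p, ts) for ts, src, p in events]


if __name__ == "__main__":
    for i, verdict in enumerate(demo()):
        print(i, verdict)
```

In the replay the mail server's twenty messages are all accepted as PMTUD, whereas the same traffic from an unknown source gets five through and then hits the rate limit; messages with a corrupt checksum or an impossible Next-Hop MTU are dropped before any counting. Scoping the exception to the peer and to type 3/code 4 is what keeps the "allow ICMP from that host" fix from turning into "allow ICMP".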