Recently? How recently? There was a DoS against the Firebox from
approximately 1 year ago involving the nestea attack, which has long since
been patched.

> Recently on the Networks & Telecom fair in Stockholm, Sweden,
> tests were performed against multiple firewalls, of which
> Watchguard Firebox II was one.
> During the tests, data flood tests were performed against a public
> FTP and SMTP service, which resulted in these crashing on the
> firewall. A reboot was required to restore functionality.

Data flood? What kind of data? Your post is very short on facts.

> A representative claimed later that this would not be an issue
> with attack recognition turned on.

I doubt this is the company's official stance on the issue, if there is one.

> I myself would not want to enable such a countermeasure, since
> it is very easy to turn it into a denial of service attack.

Having a server on the internet could very easily turn into a denial of
service attack.

Host B is your server. Host B smurfs host A. Your service is denied.

Or even lower tech. Host B is connected via an OC-96; host B runs ping -f host A.

The point is, if someone wants to DoS you, they can, no matter what firewall
you're running.

> Assume that I know that host A on the 'net wants to communicate
> with host B (a public web server perhaps?) behind a firebox.
> All I'd have to do to disrupt communication would be to send a
> couple of christmas tree packets to host B, claiming to be from
> host A, and I'd very efficiently have denied host A access to
> host B for 20 minutes.
>
> And, all I'd have to do to keep the DoS up is to send another couple
> of nastygrams every 20 minutes.
>
> Does this strike anyone else as a "not so good idea"?

Depends on whether you're more worried about DoS than compromise.

> Just my $.02

I think your $.02 is worth about that much; you're basing your opinion on
some display you saw at a computer fair. As far as you know, the people were
using an unpatched version of the Firebox just so it would crash.

> Regards,
> Mike

I don't work for WatchGuard, or even use the product, but I don't think Mike's
post was objective or informed.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
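The spoofing problem Mike raises in the quoted text (a forged "christmas tree" packet claiming to be host A gets host A auto-blocked for 20 minutes, and one forged packet every 20 minutes keeps it that way) can be modelled without any real firewall. The block below is an added example for this thread; it is not code from the original post, from WatchGuard, or from the Firebox product. The 20-minute block window and the all-flags-set trigger are taken from Mike's description and are treated here as assumptions about how such "attack recognition" behaves; the addresses, the `Packet` class and both firewall classes are hypothetical. It runs a constructed one-hour timeline through two policies: a naive one that blocks whatever source a suspicious packet *claims*, and a variant that only blocks a source that has proved it can receive packets at that address (a completed TCP handshake), which a blind spoofer cannot fake.

```python
"""Toy model of a reactive "attack recognition" auto-block and why a
spoofable trigger turns it into a denial-of-service tool.

Added example, not from the original thread or the vendor. The 20-minute
block and the xmas-packet trigger are assumptions taken from Mike's post.
"""
from dataclasses import dataclass, field

BLOCK_SECONDS = 20 * 60  # assumption: an auto-block lasts 20 minutes

# All six classic TCP flags set: the "christmas tree" packet from the post.
XMAS = frozenset({"FIN", "SYN", "RST", "PSH", "ACK", "URG"})


@dataclass
class Packet:
    src: str                      # claimed source address (spoofable)
    dst: str
    flags: frozenset              # TCP flag names, e.g. {"SYN"}
    handshake_done: bool = False  # True only inside an established flow
    ts: float = 0.0               # seconds on a constructed timeline


@dataclass
class NaiveAutoBlock:
    """Blocks the *claimed* source of any suspicious packet, statelessly.
    Because the source is unverified, an attacker chooses who gets blocked."""
    blocked_until: dict = field(default_factory=dict)

    def is_suspicious(self, pkt):
        # xmas scan, or the illegal SYN+FIN combination
        return pkt.flags == XMAS or {"SYN", "FIN"} <= pkt.flags

    def accept(self, pkt):
        if pkt.ts < self.blocked_until.get(pkt.src, -1.0):
            return False  # still inside the block window
        if self.is_suspicious(pkt):
            self.blocked_until[pkt.src] = pkt.ts + BLOCK_SECONDS
            return False
        return True


@dataclass
class StatefulAutoBlock(NaiveAutoBlock):
    """Same trigger, but the block is only recorded when the packet belongs
    to a flow whose handshake completed. A bare forged xmas packet is still
    dropped, but it leaves no state behind that punishes the spoofed host."""

    def accept(self, pkt):
        if pkt.ts < self.blocked_until.get(pkt.src, -1.0):
            return False
        if self.is_suspicious(pkt):
            if pkt.handshake_done:  # non-forgeable evidence, safe to act on
                self.blocked_until[pkt.src] = pkt.ts + BLOCK_SECONDS
            return False
        return True


def run_scenario(fw):
    """Constructed timeline: host A sends one legitimate SYN per minute for an
    hour; an attacker injects a forged xmas packet 'from' A every 20 minutes.
    Returns the fraction of A's legitimate packets the firewall let through."""
    host_a, server = "198.51.100.7", "203.0.113.10"  # constructed addresses
    accepted = total = 0
    for minute in range(60):
        ts = minute * 60.0
        if minute % 20 == 0:
            # the attacker's nastygram, source address forged as host A
            fw.accept(Packet(src=host_a, dst=server, flags=XMAS, ts=ts))
        ok = fw.accept(Packet(src=host_a, dst=server,
                              flags=frozenset({"SYN"}), ts=ts))
        total += 1
        accepted += int(ok)
    return accepted / total


if __name__ == "__main__":
    print("naive auto-block, fraction of A's traffic admitted:",
          run_scenario(NaiveAutoBlock()))      # 0.0: A is locked out all hour
    print("handshake-gated auto-block:           ",
          run_scenario(StatefulAutoBlock()))   # 1.0: forged packets leave no state
```

Three forged packets are enough to deny host A for the entire hour under the naive policy, which is exactly the arithmetic in the post. The gated variant drops the same forged packets but refuses to remember them, so the only way to get yourself blocked is to complete a handshake from the address you will be blocked on. Real products may rate-limit, whitelist or use shorter windows instead; the point of the model is that whatever the reaction is, it must key off something the attacker cannot forge from across the Internet.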
