No, it does not mean the IPS and/or Firewall is vulnerable... It means that the IPS and/or Firewall was designed to handle this amount. In fact, before you blame the IPS and/or Firewall you should consult the specifications to be sure you are reaching the device's limit.
If the limit differs of the specification then you have a design flaw, and you can say that it is vulnerable, otherwise it means that the IPS and/or Firewall is designed to work in small business, and if you need, want or desire to handle more connections / sessions you, or even the IPS and/or Firewall designer (usually the vendor or the partner), should do the home work... Just to add more in this topic, I want to point that sessions limitations is difficult to understand and address if you don't know what exactly is the environment you are try to protect. In some cases you have extraordinary complex environments that you have to study deeply to do your device sizing. Best regards. Nelson Brito [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Ravi Chunduru > Sent: Thursday, October 11, 2007 1:14 PM > To: [email protected] > Subject: Sessions Resource Exhaustion > > using simple tools such as hping2 and others, i am able to exhaust > session resources in some firewall and IPS devices. some firewalls and > IPS devices addressing small business market segments seems to be > supporting maximum of 10000 sessions. these devices are not allowing > any new connections if all 10000 sessions are used up. > > can i say that these devices are vulnerable to simple DoS attacks? > > thanks > Ravi > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign= > intro_sfw > to learn more. > ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
