Rahul, Is it not common to have IPsec VPN Server in typical network deployments?
Regards
Ravi

On 10/15/07, Rahul K <[EMAIL PROTECTED]> wrote:
> On 10/13/07, Ravi Chunduru <[EMAIL PROTECTED]> wrote:
> > On 10/12/07, H D Moore <[EMAIL PROTECTED]> wrote:
> > > If you can fill the state table using just SYN packets (without doing a
> > > full session setup), then the device in question is just crap :-)
> >
> > I could not exhaust state tables with TCP. I sent UDP:500 traffic
> > with different source ports to fill up the state table. It makes me
> > wonder whether many stateful devices are vulnerable to these kinds of
> > attacks.
>
> UDP may be stateless, but the moment an IPS receives a UDP packet
> with some content it would have to initialize and maintain a session
> for that packet because the signature matching and other checks have
> to kick in. So it is not surprising that you could fill up the state
> table with UDP:500 traffic. It is easier to spoof UDP packets than
> complete the 3-way TCP handshake, so you may have been able to fill up
> the table faster too.
>
> However in your deployment scenario, would you really be allowing
> incoming UDP traffic or would your firewall be dropping them before it
> is seen by the IPS?
>
> Rahul
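The behaviour the thread is arguing about, as an added model that is not part of the original mailing-list thread and not any vendor's code: a toy flow table that either creates TCP state on the first SYN or only after the handshake completes, always creates UDP state on the first packet, and sits behind a hypothetical upstream firewall policy. The host addresses, the policy, the capacity and the packet counts are all constructed for the example. It shows why spoofed UDP:500 packets with fresh source ports fill the table even when SYNs do not, and that Rahul's firewall question only helps for destinations that have no inbound UDP rule, which an IPsec gateway does not.

```python
from collections import OrderedDict


class FlowTable:
    """Toy model of a stateful inspection device's flow table (constructed
    for this example, not any vendor's implementation).

    TCP state is created either on the first SYN (tcp_gate_on_handshake=False)
    or only once the 3-way handshake completes (tcp_gate_on_handshake=True),
    with half-open SYNs parked in a separate backlog. UDP creates state on the
    first packet, because payload inspection needs a session to attach to.
    Entries never age out here; a real table has idle timeouts, so an attacker
    has to keep sending faster than entries expire.
    """

    def __init__(self, capacity, tcp_gate_on_handshake=True):
        self.capacity = capacity
        self.gate = tcp_gate_on_handshake
        self.flows = OrderedDict()   # 5-tuple -> state string
        self.syn_backlog = set()     # half-open TCP 5-tuples; real devices must bound this too
        self.rejected = 0            # packets refused because the table was full

    def _admit(self, key, state):
        if key not in self.flows and len(self.flows) >= self.capacity:
            self.rejected += 1
            return False
        self.flows[key] = state
        return True

    def packet(self, proto, src, sport, dst, dport, flags=""):
        """Process one inbound packet; return True if the device tracks it."""
        key = (proto, src, sport, dst, dport)
        if proto == "udp":
            return self._admit(key, "udp-session")
        if not self.gate:
            return self._admit(key, "tcp:" + flags)
        if flags == "S":
            self.syn_backlog.add(key)
            return True
        if flags == "A" and key in self.syn_backlog:
            self.syn_backlog.discard(key)
            return self._admit(key, "tcp:established")
        return key in self.flows


def reaches_ips(policy, proto, dst, dport):
    """Hypothetical upstream firewall policy: list of (proto, dst, dport) that
    is allowed in; None acts as a wildcard."""
    return any(p == proto and d in (None, dst) and dp in (None, dport)
               for p, d, dp in policy)


def spoofed_flood(table, policy, proto, n, dst, dport, flags=""):
    """Send n spoofed packets, each with a distinct (src, sport) so every one
    is a new 5-tuple, and return the number of flow entries afterwards."""
    if not reaches_ips(policy, proto, dst, dport):
        return len(table.flows)
    for i in range(n):
        table.packet(proto, f"203.0.113.{i % 254 + 1}", 1024 + i, dst, dport, flags)
    return len(table.flows)


def demo(capacity=1000, packets=5000):
    """Four scenarios from the thread; hosts and policy are constructed."""
    vpn = "192.0.2.10"                     # IPsec gateway: UDP/500 has to be open
    policy = [("tcp", None, 80), ("udp", vpn, 500)]
    out = {}

    t = FlowTable(capacity, tcp_gate_on_handshake=False)   # H D Moore's "crap" device
    out["syn_naive"] = spoofed_flood(t, policy, "tcp", packets, vpn, 80, "S")

    t = FlowTable(capacity, tcp_gate_on_handshake=True)    # Ravi's result with TCP
    out["syn_gated"] = spoofed_flood(t, policy, "tcp", packets, vpn, 80, "S")

    t = FlowTable(capacity)                                # Ravi's UDP:500 result
    out["udp_to_vpn"] = spoofed_flood(t, policy, "udp", packets, vpn, 500)
    out["udp_to_vpn_rejected"] = t.rejected

    t = FlowTable(capacity)                                # Rahul's firewall caveat
    out["udp_to_other"] = spoofed_flood(t, policy, "udp", packets, "192.0.2.20", 500)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>20}: {value}")
```

With a capacity of 1000 and 5000 spoofed packets the naive TCP device and the UDP:500 flood both end at 1000 entries (4000 packets refused), the handshake-gated device holds no flows at all, and the same UDP flood aimed at a host with no inbound UDP rule never reaches the inspection engine. The gated case is not free either: the SYN backlog it keeps is the resource a SYN flood targets, which is why real devices bound it separately.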
