At 11:51 AM 5/25/00 +0200, Mikael Olsson wrote:
>Proxy firewalls (no stateless packet filtering cheats installed) won't
>let things like these through since the packet will fail to reassemble.
>The question is if the firewall itself will survive, lest it DoS your
>entire internet connection (ouch!).
>(IMHO, this is a problem that proxy people fail to mention when they
>discuss transport/network level DoS attacks)
Actually, proxy firewall vendors consider this a plus - if someone attempts
a network stack crash DOS on your network and the firewall crashes, nothing
gets through. That's a good thing. All you've got to do is fix that one
machine's stack and the DOS goes away.
-Rick
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
