GNAT Box uses a stateful inspection packet method for filtering information coming through the firewall. What this means is that the GNAT Box will look at each packet to make sure that its "state" is acceptable. Malformed packets are dropped, and not allowed. This is what many of the traditional DoS attacks involve.
GNAT Box simply does not respond to ping floods.
Being able to withstand DoS attacks is one major thing that separates ICSA certified firewalls from those not certified. Although some products provide basic protection, they cannot withstand DoS attacks (ex. Win Proxy)
With all of that said: the attacks on Yahoo! and buy.com and others were a different type of DoS call Distributed Denial of Service attacks (DDoS). This attack involved compromising many systems on large internet pipes and using them to access the victim's sites simultaneously. It has been reported that at the height of the attack Yahoo! was receiving more than 1 Gigabit of information per second. No information was lost and none of the systems were compromised, it was just a 4 hour long severe traffic jam on the site. There is not much that can be done to protect against this type of attack. In order to prevent such an attack would take a worldwide collective effort protect and identify the type of client that is used in this attack.
Here is an excerpt from an article on ZDNet discussing the attacks:
D.O.S. attacks have been with us for some time. Most firewalls know how to repel them, and most IT managers know how to track down the perpetrators with relative ease. However, the attack on Yahoo! utilized a relatively new tact, against which Yahoo! and its customers had very little recourse.
I hope this clears things up for you.
-John Ross
At 07:55 AM 2/9/00 -0800, you wrote:
Send postings to: [EMAIL PROTECTED]
Access the list archives at:
http://www.gnatbox.com/gb-users/
----------------------------------
I guess now may be an appropriate time to ask. Does Gnatbox have any kind
of defences against Denial-of-service attacks? If so, what are they?
Thanks,
-Simon
----------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe gb-users your_email_address
in the body of the message
Global Technology Associates, Inc.
3505 Lake Lynda Drive
Suite 109
Orlando, FL 32817 USA
Tel: +1.407.380.0220 x105
Fax: +1.407.380.6080
