Bugtraq mailing list archives

Re: Simple DOS attack on FW-1
From: jroberson () CHESAPEAKE NET (Jeff Roberson)
Date: Fri, 30 Jul 1999 20:06:37 -0400


It seems to me that if they maintain TCP state they could set a
significantly smaller timeout if the connection is not established. So a
timeout of a minute should be set on the initial SYN request, and the
larger timeout should only be used after the connection is established.
Also, if they implemented a circular buffer where connections that had
been idle the longest were disconnected in favor of new connections, their
scalability might increase some.

Jeff

On Fri, 30 Jul 1999, David Taylor wrote:

On Thu, 29 Jul 1999, Lance Spitzner wrote:

When FW-1's state connections table is full, it can no longer
accept any more connections (usually between 25,000-35,000
connections, depending on your system). You can increase this
number by increasing kernel memory for the FW-1 module and
hacking ../lib/table.def. However, a port scanner can build
that many connections in a matter of minutes.

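As an added illustration of the two ideas in the reply above (a short timeout on half-open, SYN-only entries, and evicting the longest-idle entry when the table is full), here is a toy Python model of a stateful firewall's connection table. It was written for this page; it is not FW-1 code, and nothing in the thread says how FW-1 actually manages its table. The table size, the timeouts and the traffic are assumed values. The prefer_half_open switch is a refinement beyond the post: it shows that plain LRU eviction lets a port scan push out an idle but established connection, whereas evicting the longest-idle half-open entry first keeps it.

```python
from collections import OrderedDict

HALF_OPEN_TIMEOUT = 60.0      # assumed: seconds a SYN-only entry may live
ESTABLISHED_TIMEOUT = 3600.0  # assumed: idle seconds allowed for an established flow
TABLE_SIZE = 1000             # assumed capacity (the post quotes 25,000-35,000)


class StateTable:
    """Connection table keyed by a (src, sport, dst, dport) 4-tuple, kept in
    least-recently-used order. prefer_half_open=False is the plain LRU
    eviction described in the post; True (a refinement added here) evicts
    the longest-idle half-open entry before touching established flows."""

    def __init__(self, capacity=TABLE_SIZE, prefer_half_open=True):
        self.capacity = capacity
        self.prefer_half_open = prefer_half_open
        self.entries = OrderedDict()  # key -> [established, last_seen]
        self.evicted_half_open = 0
        self.evicted_established = 0
        self.expired = 0

    def _touch(self, key, now, established=None):
        entry = self.entries[key]
        if established is not None:
            entry[0] = established
        entry[1] = now
        self.entries.move_to_end(key)  # becomes the most recently used

    def expire(self, now):
        """Drop entries whose per-state idle timeout has elapsed
        (an O(n) sweep; a real implementation would use timer wheels)."""
        for key, (established, last_seen) in list(self.entries.items()):
            limit = ESTABLISHED_TIMEOUT if established else HALF_OPEN_TIMEOUT
            if now - last_seen > limit:
                del self.entries[key]
                self.expired += 1

    def _evict_one(self):
        if self.prefer_half_open:
            for key, (established, _) in self.entries.items():
                if not established:
                    del self.entries[key]
                    self.evicted_half_open += 1
                    return
        _, (established, _) = self.entries.popitem(last=False)  # plain LRU
        if established:
            self.evicted_established += 1
        else:
            self.evicted_half_open += 1

    def syn(self, key, now):
        """Initial SYN: create a half-open entry, making room if the table is full."""
        self.expire(now)
        if key in self.entries:  # retransmitted SYN refreshes the entry
            self._touch(key, now)
            return True
        if len(self.entries) >= self.capacity:
            self._evict_one()
        self.entries[key] = [False, now]
        return True

    def handshake_done(self, key, now):
        """Final ACK of the handshake: promote to established (long timeout)."""
        self.expire(now)
        if key not in self.entries:
            return False
        self._touch(key, now, established=True)
        return True

    def packet(self, key, now):
        """Mid-stream packet: forwarded only if the flow is still tracked."""
        self.expire(now)
        if key not in self.entries:
            return False
        self._touch(key, now)
        return True

    def size(self):
        return len(self.entries)


def simulate_scan(capacity=TABLE_SIZE, probes=5000, prefer_half_open=True):
    """One idle established flow, then a burst of SYN-only probes that never
    complete a handshake (constructed traffic, not a capture)."""
    table = StateTable(capacity, prefer_half_open)
    legit = ("10.0.0.5", 40000, "192.0.2.10", 80)
    table.syn(legit, 0.0)
    table.handshake_done(legit, 0.1)
    for i in range(probes):  # scanner hits one port per probe, all within a second
        table.syn(("198.51.100.7", 1024 + i, "192.0.2.10", 1 + i), 1.0)
    result = {
        "full_during_scan": table.size() == capacity,
        "legit_survives_scan": table.packet(legit, 2.0),
        "evicted_established": table.evicted_established,
        "evicted_half_open": table.evicted_half_open,
    }
    table.expire(1.0 + HALF_OPEN_TIMEOUT + 1.0)  # scanner's half-open entries time out
    result["tracked_after_timeout"] = table.size()
    return result


if __name__ == "__main__":
    for mode in (False, True):
        print("prefer_half_open=%s:" % mode, simulate_scan(prefer_half_open=mode))
```

With plain LRU the scan fills the table, the one established flow is the oldest entry and is thrown out, and its next data packet is dropped; a minute after the scan stops, the short half-open timeout has emptied the table again. With half-open entries evicted first, the same scan still fills the table but the established flow keeps working throughout. Either way the short SYN timeout bounds how long a scanner can keep the table full to the duration of the scan itself, rather than the established-connection timeout.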