At 10:03 10/02/98 +0100, Manuel.Gil_at_gecits-eu.com wrote:
>
>
>
>
>There is a test in DataCom WEB site, where you can find information about
>the status of the Firewall-1 after you fill the disk with the log.
>
>http://www.data.com/lab_tests/firewalls97.html
>
>They say exactly:
>
> The fourth attack involves filling the disk of the
>firewall. If such an assault is mounted, a firewall should shut down. Only
>those
> products from Altavista, Cyberguard, Netguard
> (Migdal Ha-Emek, Israel), Sun, and Trusted Information Systems Inc. (TIS,
> Rockville, Md.) did so (the last two because
>they run on Solaris, which shuts down in response to a full disk; versions
>of TIS for
> other operating systems will continue to
>operate). The next best thing would be to continue operating but deny all
>external
> access attempts--which is what firewalls from
> IBM and Milkyway did. All other products continued to operate normally,
>which
> raises a major security concern if logging
>occurs on the firewall machine. Ideally, logs should be kept on an external
> machine or
> moved frequently to read-only media.
>
Folks,
If the firewall shuts down when the log disk fills up, as per the first
part of the quote above - doesn't that amount to a successful
denial-of-service attack?
Regards
Christopher
-----------------------------------------------------------------------------
Christopher Nicholls
chrisn_at_dynamite.com.au ~~~~~~~ chrisn_at_softway.com.au
-----------------------------------------------------------------------------
m: 0411 454755
w: +61 2 6243 4834 h: +61 2 6241 2112
wf: +61 2 6243 4848 hf: +61 2 6241 8926
"The good news is... there's no bad news...."
Received on Feb 10 1998
Intro
