Home page logo

focus-ids logo IDS mailing list archives

RE: Sessions Resource Exhaustion
From: "Nelson Brito" <nbrito () sekure org>
Date: Mon, 15 Oct 2007 15:57:51 -0300

Please read the definition of DoS Attacks.

      I believe any firewall will be a victim if we setup a 
test launching the attack in LAB and let the resources tanked. 

Sorry, I don't need to read the detailed definition of DoS to know:
- You have a 100 Mbps network;
- You buy / deploy a 10 Mbps Firewall / IPS;
- You DONE!!!

You cannot expect your New Beatle has the same horse power of a Ferrari,
just like that.

That's pure math and doesn't mean you are under DoS attack, it means that
you didn't make your home work or didn't have the appropriate budget to
protect you assets.

      IPS can take care of many of these but an attacker can 
still modify the packet size and exhaust memory due to large 
packet size.

Now we are talking about design flaw.

      Hence when buying these solutions one need to 
understand the network architect of their network, available 
bandwidth and number of session vs.
resources calculations to size their firewall and IPS 
solution. This would create enough cushions for an 
administrator to react and remedy an attack.

Actually, I have no idea what is you point here... :-D

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]