Re: Firewall-1 and ISA D.o.S.

[<overclocking_a_la_abuela () hotmail com>]

In-Reply-To: <3.0.5.32.20020218085949.012f4100@192.228.128.13>

When you stop the attack, the firewall recovers, but 
think that in the case of ISA D.o.S. I´m sending 
spoofed packets so it will be more difficult to find the 
attacker ( if you have not IDS or similar  ).
Suppose the length of the D.o.S. is 1 hour... nobody 
can surf the web, you can not access the ISA..., 
probably no VPN,... 

Think about it.

Hugo Vázquez Caramés
Security Consultant

> Received: (qmail 19118 invoked from network); 18 
Feb 2002 06:09:16 -0000
> Received: from outgoing3.securityfocus.com 
(HELO outgoing.securityfocus.com) (66.38.151.27)
>  by mail.securityfocus.com with SMTP; 18 Feb 
2002 06:09:16 -0000
> Received: from lists.securityfocus.com 
(lists.securityfocus.com [66.38.151.19])
>       by outgoing.securityfocus.com (Postfix) 
with QMQP
>       id 1EBEAA44EF; Sun, 17 Feb 2002 
21:25:10 -0700 (MST)
> Mailing-List: contact vuln-dev-
help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <vuln-dev.list-id.securityfocus.com>
> List-Post: <mailto:vuln-dev () securityfocus com>
> List-Help: <mailto:vuln-dev-
help () securityfocus com>
> List-Unsubscribe: <mailto:vuln-dev-
unsubscribe () securityfocus com>
> List-Subscribe: <mailto:vuln-dev-
subscribe () securityfocus com>
> Delivered-To: mailing list vuln-
dev () securityfocus com
> Delivered-To: moderator for vuln-
dev () securityfocus com
> Received: (qmail 24253 invoked from network); 18 
Feb 2002 00:53:21 -0000
> Message-Id: <3.0.5.32.20020218085949.012f410