Re: Simple DOS attack on FW-1

From: Jeff Roberson (jrobersonat_private)
Date: Fri Jul 30 1999 - 17:06:37 PDT


    It seems to me that if they maintain TCP state they could set a
    significantly smaller timeout if the connection is not established. So a
    timeout of a minute should be set on the initial syn request, and the
    larger timeout should only be used after the connection is established.
    Also, if they implemented a circular buffer where connections that had
    been idle the longest were disconnected in favor of new connections their
    scalability might increase some.
    
    Jeff
    
    On Fri, 30 Jul 1999, David Taylor wrote:
    
    > On Thu, 29 Jul 1999, Lance Spitzner wrote:
    >
    > > When FW-1's state connections table is full, it can no longer
    > > accept any more connections (usually between 25,000-35,000
    > > connections, depending on your system). You can increase this
    > > number by increasing kernel memory for the FW-1 module and
    > > hacking ../lib/table.def) However, a port scanner can build
    > > that many connections in a manner of minutes.
    >
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:31 PDT