Stephen Gill wrote: > > Thought I'd pass this along. > > http://www.kb.cert.org/vuls/id/539363 Although this is something that people need to keep in mind when picking / designing a firewall, I'd argue that anything north of a stateless packet filter is going to be vulnerable to these sort of attacks. If you keep state, you will be vulnerable to state table overflows. Period. The only real question is: how much work does the attacker need to put in before it becomes painful for the networks that the firewall is protecting? Is being able to resist a 1 Mbps stream (~4500 pps) "Not vulnerable"? Is being able resist a 34 Mbps stream (~150 kpps) "Not vulnerable"? Or should every single firewall vendor report in and say "Vulnerable", and describe what the limit is? And, yes, ALG-only firewalls can also be overloaded. It's just a different type of 'state'. -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "Senex semper diu dormit" _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 05:52:02 PDT