Security Basics
Diff ways to prevent DoS and DDoS Apr 03 2012 05:30AM
sneha.anand.26@gmail.com (sneha anand 26 gmail com) (3 replies)
Re: Diff ways to prevent DoS and DDoS Apr 20 2012 10:44AM
Don Thomas (don thomasjacob gmail com) (1 replies)
RE: Diff ways to prevent DoS and DDoS Apr 24 2012 09:58PM
David Gillett (gillettdavid fhda edu) (1 replies)
From: Don Thomas [mailto:don.thomasjacob (at) gmail (dot) com [email concealed]] wrote:

> 1st you need to think beyond your network firewalls and ACL on the router.
Firewalls and ACL can never stop DoS attacks as they can stop only
information you have asked it
> to stop.

Ooops. You've provided no argument that establishes that we cannot ask
firewalls or ACLs to block DoS/DDoS attacks....

There *are* two relevant limitations of firewalls and ACLs, but they're
not what you suggest here:

1. Firewalls and ACLs effectively classify traffic into three categories:
known good, known bad, and unknown. They may have to base this
categorization on inadequate information -- for instance, to an ACL there's
no easy way to distinguish a simple ping from a ping-of-death. Sometimes
the only real difference between legitimate traffic and a DoS/DDoS is the
rate of such traffic; ACLs provide no way to specify this, and not all
firewalls do either...

2. A firewall or ACL can only act on traffic that reaches the location
where it is implemented. In some cases, a DoS/DDoS attack may do its damage
before reaching that point. For instance, a trivial brute-force bandwidth
consumption attack will probably manage to saturate the ISP connection
regardless of whether it is blocked once it arrives at the target's site.

Disproof by counterexample: My ACLs block some specific DoS attacks that
used to knock us off the Internet routinely.

David Gillett, CISSP CCNP

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Diff ways to prevent DoS and DDoS Apr 26 2012 03:05AM
_ (packetnull gmail com) (1 replies)
Re: Diff ways to prevent DoS and DDoS Apr 26 2012 11:01AM
Don Thomas (don thomasjacob gmail com)
Re: Diff ways to prevent DoS and DDoS Apr 03 2012 01:28PM
Thugzclub (thugzclub googlemail com) (1 replies)
Re: Diff ways to prevent DoS and DDoS Apr 03 2012 03:25PM
Littlefield, Tyler (tyler tysdomain com) (1 replies)
RE: Diff ways to prevent DoS and DDoS Apr 03 2012 05:57PM
David Gillett (gillettdavid fhda edu)
Re: Diff ways to prevent DoS and DDoS Apr 03 2012 01:09PM
Todd Haverkos (infosec haverkos com)


 

Privacy Statement
Copyright 2010, SecurityFocus