to add on this DoS/DDoS/DRDoS are usually based on timing and amount of connections ACL's are a first line of defense. Nasty little buggers they are attackers will try to "deny" service from layers 3 to 7. thats why security folks come up with new fancy terms like NGFW's same thing bonded together�

On Apr 24, 2012, at 3:58 PM, "David Gillett" <gillettdavid (at) fhda (dot) edu [email concealed]> wrote:

> From: Don Thomas [mailto:don.thomasjacob (at) gmail (dot) com [email concealed]] wrote:
>
>> 1st you need to think beyond your network firewalls and ACL on the router.
> Firewalls and ACL can never stop DoS attacks as they can stop only
> information you have asked it
>> to stop.
>
> Ooops. You've provided no argument that establishes that we cannot ask
> firewalls or ACLs to block DoS/DDoS attacks....
>
> There *are* two relevant limitations of firewalls and ACLs, but they're
> not what you suggest here:
>
> 1. Firewalls and ACLs effectively classify traffic into three categories:
> known good, known bad, and unknown. They may have to base this
> categorization on inadequate information -- for instance, to an ACL there's
> no easy way to distinguish a simple ping from a ping-of-death. Sometimes
> the only real difference between legitimate traffic and a DoS/DDoS is the
> rate of such traffic; ACLs provide no way to specify this, and not all
> firewalls do either...
>
> 2. A firewall or ACL can only act on traffic that reaches the location
> where it is implemented. In some cases, a DoS/DDoS attack may do its damage
> before reaching that point. For instance, a trivial brute-force bandwidth
> consumption attack will probably manage to saturate the ISP connection
> regardless of whether it is blocked once it arrives at the target's site.
>
> Disproof by counterexample: My ACLs block some specific DoS attacks that
> used to knock us off the Internet routinely.
>
> David Gillett, CISSP CCNP
>
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]