Can a good firewall protect your network from a DOS attack? [dos attacks] [dos attack]

Q: My firewall does not seem to me to protect against . Of course I have a Netgear NAT box / firewall. Will be a better firewall against me or not?


Re: Yeah, I'm just trying to differentiate between what is assumed to be a from "all the rest" :)

The statement "I would think the best way survive a would be for an upstream router (a.k.a. your ISP) to dump the offending traffic before it gets to your circuit." assumes that DoS packet floods are the type of referred to (Which is correct of course ;) )


Re: Originally posted by: guy
Umm, don't most PRIMARILY rely on limited *Internet* bandwidth? A successful DoS flood of the server or the router's bandwidth over the Internet will have same effect to the server. Therefore, a router does NOTHING to fix the problem unless the flood which couldn't choke the router can choke the server (Unlikely. Who has less bandwidth OFF the Internet than on it?). Also, a router can't stop an ACK packet flood from spoofed SYN packets!

I've seen many recent articles call any attack that takes a server off-line a "," including the ol' "Ping of Death" vulnerability in Windows95 (They mentioned this specifically)! Just because the server is no longer in service or no longer capable of servicing a request doesn't mean it's a genuine . If I use a buffer overflow flaw to install a backdoor trojan and I used it to simply shut down Windows, is that a ? NO, but we should keep this "new definition" in mind when answering questions like this. I mean, how relevant is the router answer to THAT kind of "?"

The Ping of Death was a denial of service. Service was interrupted, much the same way it would have been with a syn flood. Installing a trojan on a machine is a compromise, shutting it down made it malicious.

Anyhow, routers and firewalls can help prevent . A router at the ISP side of things (where they have a lot of bandwidth) with good filters can reduce if not stop (bandwidth starvation in particular). Some commercial firewalls and other security devices can limit SYN floods and the like. Proper filters on local routers can help prevent spoofing.

As far as buffer overflows and the like, those obviously have to be taken care of on the server itself.
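
Added example (not part of any post in this thread): a sketch of the two local controls the reply above mentions, anti-spoofing filters on the local router and SYN limiting. The LAN prefix, the SYN budget and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
# Assumptions (not from the thread): the site's LAN prefix and the SYN budget.
LAN = ipaddress.ip_network("192.0.2.0/24")
BOGONS = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SYN_BURST, WINDOW = 2, 1.0   # SYNs allowed per source per WINDOW seconds

def spoof_verdict(iface, src):
    """Anti-spoofing filter on the local router, keyed on arrival interface."""
    ip = ipaddress.ip_address(src)
    if iface == "lan":
        # Egress filtering: only our own prefix may leave the site.
        return "pass" if ip in LAN else "drop-spoofed-egress"
    # Ingress filtering: our own or private/loopback sources cannot arrive from the WAN.
    if ip in LAN or any(ip in n for n in BOGONS):
        return "drop-spoofed-ingress"
    return "pass"

def filter_packets(packets):
    """Apply the spoofing filter, then a per-source SYN budget per time window."""
    syn_seen = defaultdict(list)   # src -> timestamps of SYNs inside the window
    verdicts = []
    for ts, iface, src, flags in packets:
        v = spoof_verdict(iface, src)
        if v == "pass" and iface == "wan" and flags == "S":
            recent = [t for t in syn_seen[src] if ts - t < WINDOW]
            if len(recent) >= SYN_BURST:
                v = "drop-syn-limit"
            else:
                recent.append(ts)
            syn_seen[src] = recent
        verdicts.append(v)
    return verdicts

# Constructed sample traffic: (timestamp, arrival interface, source IP, TCP flags)
SAMPLE = [
    (0.00, "wan", "198.51.100.7", "S"),
    (0.10, "wan", "198.51.100.7", "S"),
    (0.20, "wan", "198.51.100.7", "S"),   # third SYN inside one second
    (0.40, "wan", "10.1.2.3", "S"),       # private source arriving from the Internet
    (0.50, "wan", "192.0.2.10", "S"),     # our own prefix arriving from outside
    (0.60, "lan", "203.0.113.9", "S"),    # inside host sending with a foreign source
    (0.70, "lan", "192.0.2.20", "S"),
    (1.50, "wan", "198.51.100.7", "S"),   # window has moved on
]

if __name__ == "__main__":
    print(*zip(SAMPLE, filter_packets(SAMPLE)), sep="\n")
```

A per-source budget like this does nothing when every SYN carries a different spoofed source, and none of these filters help once the link itself is saturated, which is the bandwidth point made elsewhere in the thread.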


Re: Umm, don't most PRIMARILY rely on limited *Internet* bandwidth? A successful DoS flood of the server or the router's bandwidth over the Internet will have same effect to the server. Therefore, a router does NOTHING to fix the problem unless the flood which couldn't choke the router can choke the server (Unlikely. Who has less bandwidth OFF the Internet than on it?). Also, a router can't stop an ACK packet flood from spoofed SYN packets!

I've seen many recent articles call any attack that takes a server off-line a "," including the ol' "Ping of Death" vulnerability in Windows95 (They mentioned this specifically)! Just because the server is no longer in service or no longer capable of servicing a request doesn't mean it's a genuine . If I use a buffer overflow flaw to install a backdoor trojan and I used it to simply shut down Windows, is that a ? NO, but we should keep this "new definition" in mind when answering questions like this. I mean, how relevant is the router answer to THAT kind of "?"


Re: Just about any of the hardware firewalls will kill a before it becomes a problem. The only problem, as was mentioned earlier, is bandwidth. If you are running on a T1 or something similar and it is a large attack, then you don't have any real chance because your bandwidth will be starved.

The Watchguard Firebox 700's are pretty good for this kind of thing.


Re: Originally posted by: dnetmhz
I would think the best way survive a would be for an upstream router (a.k.a. your ISP) to dump the offending traffic before it gets to your circuit.

My thoughts exactly. Kill the traffic when the pipe is bigger.


Re: I would think the best way survive a would be for an upstream router (a.k.a. your ISP) to dump the offending traffic before it gets to your circuit.

Re: Yes.

Netgear Websafe pro will do the trick cheaply.

Then again, DoS can destroy pretty much anything if they are powerful enough, or at least bog down your line.

