June 19th, 2002, 02:55 PM
DoS/DDoS and firewalls
According to most posts, people believe that getting a firewall will protect you from everything and that you won't have to reboot your computer or anything. Well, that could be true in some DoS cases. DoS only comes from one person and is much less harmful than DDoS. DoS usually depends on the person being attacked having a lower quality internet connection; if somebody on cable was trying to take down somebody on DSL, with or without a firewall it would most likely not work, and vice versa, because that one person can only send out so much traffic at one time. DoS attacks are still possible on dial-up users, but then again, with dial-up all a user must do is disconnect and log on again, and they will then have a new IP address, and the person trying the attack will not know what the new IP address is. So I don't think DoS attacks are that dangerous. Though firewalls may be effective against DoS attacks, even they can't really cope with DDoS attacks.
Distributed Denial of Service attacks are pretty dangerous. They usually depend on people infecting other people's computers. People usually send trojans that communicate with the person who sent the trojan, telling him they are online and that they are available to attack a person. Often these infected computers log on to an IRC network, because it is fast and easy, and on things like ICQ you have to have people on buddy lists to organize a network of people. YOU CAN AVOID INFECTION WITH GOOD ANTI-VIRUS SOFTWARE! So first thing, go save yourself some bandwidth loss by getting antivirus software and scanning your computer, and also save other people; DDoS attacks can't happen as often if people don't let them. Also uninstall and then reinstall your antivirus software, the reason being people often send out other programs with trojans that are designed to compromise antivirus software and firewalls. Also, check out any programs that may be running on start up, because if you can do that then you can probably stop most trojans without the need of a firewall or antivirus software. To check for trojans on start up, try checking autoexec.bat, any bat files, and win.ini, and if you find any files you find to be suspicious, then make a post asking about them or go to a search engine.
With DDoS, people with broadband connections could team up to amass the collective bandwidth power of an OC3 line. (NEVER get the user of an OC or DS line mad at you; trust me, they have enough bandwidth to either knock you offline or at least make you lag to a 28k connection.)
Before I go any further, IF YOU THINK YOU ARE BEING DDoS'D THEN CALL YOUR ISP! THEY CAN HELP!
And now what I really wanted to talk about: firewall users being DDoS'd. I do not know what most people think about the two, but let me tell you what I know. Even with firewalls, you can still be affected by these attacks, especially if you are using a slower computer, like me. Firewalls still have to block those packets, and in some ways this is even worse, because when a firewall is trying to block all these packets (or absorb them, depending on your firewall) it puts a strain on your computer, processing power and all, and if you do not have enough to spare, then you might be out of luck. You may be forced to reboot, because all those system resources being eaten up by the firewall may make your computer unstable. However, if you have a new computer with a firewall, you may be almost impervious to these attacks. I know that when I was using ZoneAlarm Pro on this computer, 133 MHz, 32 megs of RAM, I had to reboot when I was DDoS'd.
I hope this helped explain some of the limitations of firewalls. Bye.
June 19th, 2002, 03:36 PM
June 19th, 2002, 03:57 PM
Ummm, just a clarification.... DoS is not always an attack on your internet connection. It is an attack on any service. Being "nuked" from IRC/IM/etc. is a form of DoS attack, and firewalls often help with those. They don't rely on how fast your connection is. A 56k dialup can nuke a cable modem with the proper nuke program. Most firewalls can stop a nuker though.
A DDoS attack will affect you with a firewall or not. The reason is that they are sending too much information to your computer. It is an attack against your bandwidth, not against your machine. Even a perfect firewall that uses no computer resources won't help. You can only send so much information across your internet connection. If 100 machines are sending you all the information you can get at once, your internet connection is basically dead.
"Ignorance is bliss....
but only for your enemy"
June 19th, 2002, 04:06 PM
Actually, I never talked about what a DoS attack was, and I never said it was only against internet users, but since most of the stuff I post is towards newbies, that much is kind of implied. And the point of this whole post was to show that whether you had a firewall or not, a DDoS attack would still affect you whereas a DoS attack would not. And actually in DoS, speed does matter somewhat; not all people use nukers, some send special ping packets, and the rate those are sent out affects the rate they are replied to.
June 19th, 2002, 04:15 PM
I wasn't disagreeing with anything you said, I was just putting some clarification on it.
"Ignorance is bliss....
but only for your enemy"
June 19th, 2002, 04:19 PM
I know you weren't. I just wanted to say that I had never said anything that needed to be clarified. Plus some argument is fun. And if I keep posting, well then, the more people who read this, and then the more positive points I get, for posting this.
June 19th, 2002, 04:52 PM
Actually, a single IP-based DoS can also kill your connection, but meh...
BTW, there's a specific type of DoS that can be prevented: SYN floods. Using SYN cookies (common to most Unixes nowadays, AFAIK) will prevent resources from being allocated on the host machine until it receives a proper ACK packet. Since most SYN floods are just simply SYN and not SYN+ACK floods, this stops them dead in their tracks.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
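The SYN-cookie idea from the post above, as an added sketch that is not part of the original thread: the server packs a time slot, an MSS index and a keyed hash of the connection into its initial sequence number and allocates nothing until a matching ACK comes back. The key, MSS table, sample addresses and the 5/3/24-bit layout are assumptions for illustration; real kernel implementations differ in detail.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"  # assumption: a real stack uses a random secret
MSS_TABLE = (216, 536, 768, 996, 1200, 1360, 1440, 1460)  # constructed 3-bit table
MASK32 = 0xFFFFFFFF

def _mac24(conn, client_isn, slot):
    """24-bit keyed hash binding the cookie to the 4-tuple, client ISN and time slot."""
    src, sport, dst, dport = conn
    msg = f"{src}:{sport}>{dst}:{dport}".encode() + struct.pack("!II", client_isn, slot)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(conn, client_isn, client_mss, now):
    """Server ISN for the SYN+ACK; nothing about the connection is stored."""
    slot = (now // 64) % 32  # 64-second time slots, 5 bits
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return (slot << 27) | (idx << 24) | _mac24(conn, client_isn, slot)

def check_ack(conn, seq, ack, now, max_age=1):
    """Validate the handshake-completing ACK; return the MSS, or None to drop it."""
    cookie = (ack - 1) & MASK32      # the client acknowledges server ISN + 1
    client_isn = (seq - 1) & MASK32  # and sends its own ISN + 1
    slot, idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if ((now // 64) - slot) % 32 > max_age:
        return None                  # time slot too old
    expected = _mac24(conn, client_isn, slot)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None                  # not a cookie this server issued for this peer
    return MSS_TABLE[idx]            # only now would connection state be allocated

def demo():
    conn = ("198.51.100.7", 40000, "192.0.2.10", 80)  # constructed sample addresses
    now, client_isn = 1_000_000, 0x1234ABCD
    cookie = make_cookie(conn, client_isn, 1460, now)
    legit = check_ack(conn, client_isn + 1, cookie + 1, now + 3)
    forged = check_ack(conn, client_isn + 1, (cookie ^ 1) + 1, now + 3)
    stale = check_ack(conn, client_isn + 1, cookie + 1, now + 64 * 5)
    return legit, forged, stale

if __name__ == "__main__":
    print(demo())
```

A flood of bare SYNs costs the server one hash per packet and no table entries, which is why the cookie approach holds up where a fixed-size backlog queue does not.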
June 19th, 2002, 05:06 PM
I know all about those kinds of floods, but like I said earlier, most of my posts are geared towards providing awareness for newbies.
FYI: SYN is the TCP packet that sets up your connection, basically saying HI.
ACK says bye and tells the server it is logging off, so the server stops sending TCP packets back.
Also, a lot of servers nowadays are able to block those kinds of attacks because they are so easy to perpetrate, especially in Linux and Unix boxes. You CAN do them in Windows NT and 2000 and XP fairly easily, I have heard, because they provide raw socket support letting the user create their own TCP packets, and I am fairly sure that the only way to do them is with some crazy kernel hacking or stuph.
June 19th, 2002, 06:15 PM
And one more thing to be noted when thinking of DoS attacks: if you have Windows 95a then you can send ping packets that are larger than 64 bytes, though I am not sure if this means that Windows 95a users have raw socket access. I doubt that they do though, or it would have probably been mentioned.
June 19th, 2002, 07:15 PM
Probably the best reason not to run a software based firewall. I only trust hardware firewalls. And with some of the cheaper models out there selling for less than $80, there is really no reason to run a software firewall.