Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: DoS/DDoS and firewalls

  1. #11
    Very true, the more hardware you can use OUTSIDE your pc, the more stable it will be. I was thinking about a hardware firewall, I just wouldn't need it that often though. So I don't think it is worth it YET. They work great, but most people aren't hacked or DDoS'd very often, though if you are a server, they are probably a sound investment.

  2. #12
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by ko123
    I know all about those kinds of floods, but like I said earlier, most of my posts are geared towards providing awareness for newbies.
    FYI: SYN is the TCP packet that sets up your connection, basically saying HI
    ACK says bye and tells the server it is logging off, so the server stops sending TCP packets back
    Actually, no, all data sent back and forth over a TCP IP connection is sent as ACK packets. The session starts in the following manner:

    Client sends SYN packet to server.
    Server sends SYN/ACK packet back to client.
    Client responds with ACK, which completes the connection in the sense that it is done being setup.
    Data is transferred back and forth via ACK packets.
    When the session closes, the client sends a FIN packet to the server.

    Also, a lot of servers nowadays are able to block those kinds of attacks because they are so easy to perpetrate, especially in linux and unix boxes. You CAN do them in windows NT and 2000 and XP fairly easily I have heard because they provide raw socket support letting the user create their own TCP packets, and I am fairly sure that the only way to do them is with some crazy kernel hacking or stuph.
    Well, you're wrong about that too. There are several network layer kits that provide raw socket functionality. Sub7 includes one (winpcap). Essentially you need a network socket layer replacement (winpcap is an example of this) on your OS, and a tool that can use it. You can perform a SYN flood from Win2K/XP by default, but with 9x and NT it requires a third party tool such as winpcap to do it. Easily obtainable, easily doable, and entirely Skript Kiddie like.

    Also, because of the nature of things, a SYN flood can occur naturally, if your site traffic suddenly jumps a significant amount. This is why sites slow down when there's a lot of users on them -- too many users for the webservers to handle the load.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #13
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Probably the best reason not to run a software based firewall. I only trust hardware firewalls. And with some of the cheaper models out there selling for less then 80$, there is really no reason to run a software firewall.
    A hardware firewall still runs software you know. Maybe you need to learn the difference between Application-level firewalls, and packet-level firewalls.

    Originally posted here by ko123
    Very true, the more hardware you can use OUTSIDE your pc, the more stable it will be. I was thinking about a hardware firewall, I just wouldn't need it that often though. So I don't think it is worth it YET. They work great, but most people aren't hacked or DDoS'd very often, though if you are a server, they are probably a sound investment.
    Well, I'd just love to see your facts supporting this stability thing you seem to 'know all about'.

    Firewalls are a stupid investment if you misconfigure them. At that point, it'd be better to simply not have one at all. If you don't really have much of a clue what you're doing (which is what I see from these posts, mainly because it seems like neither of you understands how firewalls work) it's worse to have a firewall in place than it would be if you didn't. My reasoning? You feel like you're protected, when you aren't.

    Talk to etsh911 about firewalls, he's AO's resident guru in IRC.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  4. #14
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    I don't see anything about a specific firewall in this only general terms. Also the reason for a firewall is not to deal with Dos or DDos Attacks, though in general one may see one time to time. Misconfig a firewall and it is usless, but my main reason for a firewall is to control the type of activity in coming and outgoing. Another tool to manage network capacity and what functions it may have. The IRC Dos thing has been around years and is nothing new, firewall can be very simple or complex, can they defen against Ddos well yes if configed right just like a router can. Me hardware/software firewall, and it is needed as much to keep the garbage from getting in and from my users from doing something stupid. Even in general terms for newbies I'd say research well before you make a choice, and ask people you know who have firewalls and how they use them.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •