DoS/DDoS and firewalls

Thread: DoS/DDoS and firewalls

  1. #1
    Banned
    Join Date
    Jun 2002
    Posts
    29

    DoS/DDoS and firewalls

    Hi everybody, I heard that the threads of banned members are deleted so I figured I'd post this again.

    According to most posts, people believe that getting a firewall will protect you from everything and that you won't have to reboot your computer or anything. Well, that could be true in some DoS cases. DoS only comes from one person and is much less harmful than DDoS. DoS usually depends on the person being attacked having a lower-quality internet connection; if somebody on cable was trying to take down somebody on DSL, with or without a firewall it would most likely not work, and vice versa, because that one person can only send out so much traffic at one time. DoS attacks are still possible on dial-up users, but then again, with dial-up all a user must do is disconnect and log on again; they will then have a new IP address, and the person trying the attack will not know what the new IP address is. So I don't think DoS attacks are that dangerous. Though firewalls may be effective against DoS attacks, even they can't really cope with DDoS attacks.
    Distributed Denial of Service attacks are pretty dangerous. They usually depend on people infecting other people's computers. People usually send trojans that communicate with the person who sent the trojan, telling him they are online and that they are available to attack a person. Often these infected computers log on to an IRC network, because it is fast, easy, and on things like ICQ you have to have people on buddy lists to organize a network of people. YOU CAN AVOID INFECTION WITH GOOD ANTI-VIRUS SOFTWARE! So first thing, go save yourself some bandwidth loss by getting antivirus software and scanning your computer, and also save other people; DDoS attacks can't happen as often if people don't let them. Also uninstall and then reinstall your antivirus software, the reason being that people often send out other programs with trojans that are designed to compromise antivirus software and firewalls. Also, check out any programs that may be running on startup, because if you can do that then you can probably stop most trojans without the need of a firewall or antivirus software. To check for trojans on startup, try checking autoexec.bat, any bat files, and win.ini, and if you find any files you find to be suspicious, then make a post asking about them or go to a search engine.
    With DDoS, people with broadband connections could team up to amass the collective bandwidth power of an OC3 line. (NEVER get the user of an OC or DS line mad at you; trust me, they have enough bandwidth to either knock you offline or at least make you lag to a 28k connection.)
    Before I go any further, IF YOU THINK YOU ARE BEING DDoS'D THEN CALL YOUR ISP! THEY CAN HELP!
    And now what I really wanted to talk about: firewall users being DDoS'd. I do not know what most people think about the two, but let me tell you what I know. Even with firewalls, you can still be affected by these attacks, especially if you are using a slower computer, like me. Firewalls still have to block those packets, and in some ways this is even worse, because when a firewall is trying to block all these packets (or absorb them, depending on your firewall) it puts a strain on your computer, processing power and all, and if you do not have enough to spare, then you might be out of luck. You may be forced to reboot, because all those system resources being eaten up by the firewall may make your computer unstable. However, if you have a new computer, then with a firewall you may be almost impervious to these attacks. I know that when I was using ZoneAlarm Pro on this computer (133 MHz, 32 megs of RAM), I had to reboot when I was DDoS'd.
    I hope this helped explain some of the limitations of firewalls. Bye.
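An added example, not part of the original post: one way to do the startup check the post describes, listing what `win.ini` and `autoexec.bat` launch at boot so each entry can be reviewed. It assumes the standard Windows 9x `load=` and `run=` keys in the `[windows]` section of `win.ini`; the function names, file contents and program names below are constructed for illustration.

```python
import re

# Constructed sample file contents (not taken from the thread).
WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\msrun32.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

AUTOEXEC_BAT = """\
@ECHO OFF
REM constructed sample
SET PATH=C:\\WINDOWS;C:\\WINDOWS\\COMMAND
C:\\WINDOWS\\TEMP\\upd.exe /s
"""

BUILTINS = {"REM", "ECHO", "SET", "PATH", "PROMPT", "CLS", "PAUSE"}
WRAPPERS = {"CALL", "LH", "LOADHIGH"}  # prefixes that launch another program

def win_ini_startup(text):
    """Return programs named on load= / run= lines in the [windows] section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in ("load", "run"):
                # Assumption: several programs are separated by spaces or commas.
                entries += [p for p in re.split(r"[,\s]+", value.strip()) if p]
    return entries

def autoexec_programs(text):
    """Return the program named on each line that is not a plain shell built-in."""
    programs = []
    for raw in text.splitlines():
        words = raw.strip().lstrip("@").split()
        while words and words[0].upper() in WRAPPERS:
            words = words[1:]
        if not words or words[0].startswith("::") or words[0].upper() in BUILTINS:
            continue
        programs.append(words[0])
    return programs
```

Anything either function returns that you do not recognise is what the post suggests asking about or looking up.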

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Banned members' threads are not deleted. You could have found out by yourself by just scrolling down a little in the Tutorials main index. You'll see another thread with the exact same title... Oh, and before you make another post asking what happened to the tutorial you posted twice... Don't, I deleted them...

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    Sorry if I go OT here, but where is hogfly when you REALLY need him? (if you catch my drift)

  4. #4
    Banned
    Join Date
    Jun 2002
    Posts
    29
    Who is hogfly?

  5. #5
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    91
    The following section of your tutorial really made me curious:

    And now what I really wanted to talk about: firewall users being DDoS'd. I do not know what most people think about the two, but let me tell you what I know. Even with firewalls, you can still be affected by these attacks, especially if you are using a slower computer, like me. Firewalls still have to block those packets, and in some ways this is even worse, because when a firewall is trying to block all these packets (or absorb them, depending on your firewall) it puts a strain on your computer, processing power and all, and if you do not have enough to spare, then you might be out of luck. You may be forced to reboot, because all those system resources being eaten up by the firewall may make your computer unstable. However, if you have a new computer, then with a firewall you may be almost impervious to these attacks. I know that when I was using ZoneAlarm Pro on this computer (133 MHz, 32 megs of RAM), I had to reboot when I was DDoS'd.
    This led me to recall that last summer and fall, during the height of the Red Code infection problem, I was receiving in excess of 500 alerts on my Zone Alarm a day. How many more I don't know, as Zone Alarm quits alerting after 500. Though the number of alerts gradually decreased, while with that ISP I continued to receive several hundred alerts a day until the end of October, when I switched ISPs. Then it abruptly decreased to ten or fifteen alerts a day, sometimes less.

    During that same period I recall having my computer freeze and having to reboot a number of times. At the time, I attributed it to the way I was working, possibly having too many applications open simultaneously. But this makes me wonder. Might too many alerts on the Zone Alarm have contributed to the problem? (Windows 98se, Pentium III, 600 MHz, 128 MB RAM, cable)

    Edit: I say I have cable, but that service can vary. I just ran some bandwidth tests, which ranged from 122 to 133 KB. It is supposed to be 500 KB service.

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Which is why I said in the other post with the same topic that a hardware firewall is much, much better than a software firewall. Weird thing that somebody gave me negative antipoints for that. Must be a Symantec employee.

    Anyways... Hardware firewalls do not have this problem. Yes, the circuit can be overloaded and cause you to not have any net connection, but your machine itself is not impacted at all. I personally would never run a software-based firewall on a Windows machine. I could see doing something along the lines of using FreeBSD or Solaris as a dedicated proxy firewall machine, but I would make sure that I didn't need to use that machine for any other purposes.

  7. #7
    Banned
    Join Date
    Jun 2002
    Posts
    29
    It is possible that ZoneAlarm was consuming too many system resources and caused your system to become unstable. And while things like hardware firewalls aren't prone to compromise your system in the same way, because they do not consume system resources, they are harder to configure and they cost more, and so very few home users will ever need them.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by komo
    It is possible that ZoneAlarm was consuming too many system resources and caused your system to become unstable. And while things like hardware firewalls aren't prone to compromise your system in the same way, because they do not consume system resources, they are harder to configure and they cost more, and so very few home users will ever need them.

    I disagree. For the reasons stated, home users should be using hardware firewalls. The reasons you stated are why most home users will more than likely not use one. However, that does not mean they should be dropped from the topic. If someone is here reading these forums, the assumption would be that they are concerned about security, and as such they should be told the best solutions.

    BTW, my Linksys router cost me $49 after mail-in rebate. Just a little bit more expensive than registering some of the software packages that are available.

  9. #9
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    91
    Thanks for the replies, mohaughn.

    So how vulnerable are software firewalls really? And how difficult are hardware firewalls to configure?

    A year or so ago I installed Zone Alarm instead of Norton Personal Firewall, which I had already purchased because of advice I received on another computer bulletin board that Zone Alarm would be easier for me to configure. At this stage of life, my brain can only handle so much at one time. At that point I was so totally overwhelmed with learning all the new computer hardware and software and dealing with life's problems that I really had to keep things as simple as possible. With a new scanner and digital camera and imaging software to learn, I still have all I can handle for now.

    But life is full of choices, and it doesn't hurt to look at what my priorities might be a few months down the road. And yes, I'm here hoping to learn things which will help me formulate those priorities.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by mohaughn
    Which is why I said in the other post with the same topic that a hardware firewall is much, much better than a software firewall. Weird thing that somebody gave me negative antipoints for that. Must be a Symantec employee.
    Actually, I'm not, you know who it was, because I always append my handle... I told you to figure out WTF you were talking about, and THEN dispense advice.

    Anyways... Hardware firewalls do not have this problem. Yes, the circuit can be overloaded and cause you to not have any net connection, but your machine itself is not impacted at all.
    Again, you need to start making a differentiation between Application-level and packet-level firewalls, not just 'hardware firewalls are better'.

    I personally would never run a software-based firewall on a Windows machine. I could see doing something along the lines of using FreeBSD or Solaris as a dedicated proxy firewall machine, but I would make sure that I didn't need to use that machine for any other purposes.
    Again, Application-level firewalls are for OUTBOUND traffic in principle, while packet-level firewalls are for INBOUND traffic (again, in principle)...

    Please make a little bit of an effort to understand what you're discussing before you attempt to dispense advice that may or may not be correct.

    Would you suggest that I get a hardware firewall to replace my machine's 'software' firewall?
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
