OK, here is a situation that I need some clarity on. We run Symantec Client Services (SCS) on all of our computers. This is a firewall, IDS, anti-spyware, and antivirus all in one program. This is what my company decided to go with, good or bad. Here is the thing: if I am on computer A and start throwing suspicious packets to computer B, then computer B (because of the IDS in SCS) will block the IP address of computer A for 30 minutes. This is a good thing, but I feel that this can be a form of DoS.

Let’s say that the email server was compromised (got a bad NIC or NIC driver) and started throwing out packets to the whole subnet. Then all computers will ban the email server for 30 minutes and no one will be able to get their email.

Or how about someone got on the network and started throwing out suspicious packets with the IP address of the domain controllers? I think that this will then put the IP addresses of the domain controllers in the ban list for 30 minutes. I feel that this can create an easy denial of service attack on our network.

I am not on the software committee that is setting up this software for deployment. I was talking to my coworker, saying that this is how I would start a DoS within my company. Is this something that we should be worried about?

-GA