Printable View
Very true, the more hardware you can use OUTSIDE your pc, the more stable it will be. I was thinking about a hardware firewall, I just wouldn't need it that often though. So I don't think it is worth it YET. They work great, but most people aren't hacked or DDoS'd very often, though if you are a server, they are probably a sound investment.
Actually, no, all data sent back and forth over a TCP IP connection is sent as ACK packets. The session starts in the following manner:Quote:
Originally posted here by ko123
I know all about those kinds of floods, but like I said earlier, most of my posts are geared towards providing awareness for newbies.
FYI: SYN is the TCP packet that sets up your connection, basically saying HI
ACK says bye and tells the server it is logging off, so the server stops sending TCP packets back
Client sends SYN packet to server.
Server sends SYN/ACK packet back to client.
Client responds with ACK, which completes the connection in the sense that it is done being setup.
Data is transferred back and forth via ACK packets.
When the session closes, the client sends a FIN packet to the server.
Well, you're wrong about that too. There are several network layer kits that provide raw socket functionality. Sub7 includes one (winpcap). Essentially you need a network socket layer replacement (winpcap is an example of this) on your OS, and a tool that can use it. You can perform a SYN flood from Win2K/XP by default, but with 9x and NT it requires a third party tool such as winpcap to do it. Easily obtainable, easily doable, and entirely Skript Kiddie like.Quote:
Also, a lot of servers nowadays are able to block those kinds of attacks because they are so easy to perpetrate, especially in linux and unix boxes. You CAN do them in windows NT and 2000 and XP fairly easily I have heard because they provide raw socket support letting the user create their own TCP packets, and I am fairly sure that the only way to do them is with some crazy kernel hacking or stuph.
Also, because of the nature of things, a SYN flood can occur naturally, if your site traffic suddenly jumps a significant amount. This is why sites slow down when there's a lot of users on them -- too many users for the webservers to handle the load.
A hardware firewall still runs software you know. Maybe you need to learn the difference between Application-level firewalls, and packet-level firewalls.Quote:
Probably the best reason not to run a software based firewall. I only trust hardware firewalls. And with some of the cheaper models out there selling for less then 80$, there is really no reason to run a software firewall.
Well, I'd just love to see your facts supporting this stability thing you seem to 'know all about'.Quote:
Originally posted here by ko123
Very true, the more hardware you can use OUTSIDE your pc, the more stable it will be. I was thinking about a hardware firewall, I just wouldn't need it that often though. So I don't think it is worth it YET. They work great, but most people aren't hacked or DDoS'd very often, though if you are a server, they are probably a sound investment.
Firewalls are a stupid investment if you misconfigure them. At that point, it'd be better to simply not have one at all. If you don't really have much of a clue what you're doing (which is what I see from these posts, mainly because it seems like neither of you understands how firewalls work) it's worse to have a firewall in place than it would be if you didn't. My reasoning? You feel like you're protected, when you aren't.
Talk to etsh911 about firewalls, he's AO's resident guru in IRC.
I don't see anything about a specific firewall in this only general terms. Also the reason for a firewall is not to deal with Dos or DDos Attacks, though in general one may see one time to time. Misconfig a firewall and it is usless, but my main reason for a firewall is to control the type of activity in coming and outgoing. Another tool to manage network capacity and what functions it may have. The IRC Dos thing has been around years and is nothing new, firewall can be very simple or complex, can they defen against Ddos well yes if configed right just like a router can. Me hardware/software firewall, and it is needed as much to keep the garbage from getting in and from my users from doing something stupid. Even in general terms for newbies I'd say research well before you make a choice, and ask people you know who have firewalls and how they use them.