From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 6 Nov 2001 19:02:53 -0800 (PST)
Subject: [iwar] [fc:Reverse.firewall.dams.DoS.flood]

Reverse firewall dams DoS flood
By James Middleton, VNU Net, 11/6/2001
http://www.vnunet.com/News/1126617

In a bid to fight the growing menace from computer and router-based denial of service (DoS) attacks, a security firm has developed a technique to dam the DoS data flood at source.

Using funding from the Defence Advanced Research Projects Agency (DARPA), security technology firm Cs3 is looking at the concept of reverse firewalling, or keeping the flood of data from a DoS attack dammed up at the source.

The Reverse Firewall works by filtering the outgoing packets from a network. The difference between a legitimate application that uses high bandwidth and a packet flooding attack is that, in the former case, the machine at the other end of the conversation is participating in a two-way conversation. In the case of a DoS attack, the exchange is one-sided.

As research suggests that most distributed denial of service (DDoS) attacks are carried out using zombie machines, high-bandwidth infrastructure is a favourite target. This puts enterprises, universities and ISPs at the top of a hacker's list.

"With near universal availability of permanent and faster connections to the internet, and the attendant decrease of network security expertise per individual computer, there is no scarcity of potential zombies," said Cs3.

But reverse firewalling effectively reduces the value of these machines in such an attack to the equivalent of a slow dial-up connection, or even less.

"What we call a Reverse Firewall is, therefore, simply one part of the functionality that could and should be provided by firewalls," said the company.

A firewall is in a position to distinguish these two cases, since all of the traffic between the local network and the outside passes through it.

The technology limits the rate at which the firewall forwards packets that are not replies to other packets that recently were forwarded in the other direction. Packets that are not replies, for instance to start a new conversation, simply need not be transmitted at a high rate.

And while the technology could help potential victims outside of a compromised network, the users of that network will still be suffering from loss of bandwidth gobbled up in the attack. However, reverse firewalls could be deployed internally, between network segments for example, to turn the potential flood into nothing more than a trickle.

------------------
http://all.net/
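
The forwarding rule the article describes (replies to recently forwarded inbound packets pass, everything else is rate limited), as an added sketch that is not Cs3's code or part of the original post. The token-bucket limiter, the rate, burst and reply-window values, and the addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ReverseFirewall:
    """Egress filter: replies pass freely, other outbound packets are rate limited."""
    rate: int = 5                # assumed limit: non-reply packets per second
    burst: int = 10              # assumed token-bucket depth, in packets
    reply_window_ms: int = 2000  # assumed: how long inbound traffic counts as "recent"
    last_ms: int = 0
    inbound_seen: dict = field(default_factory=dict)  # (remote, local) -> last inbound ms

    def __post_init__(self):
        self.millitokens = self.burst * 1000  # integer maths keeps the result exact

    def inbound(self, now_ms, remote, local):
        """Record a packet forwarded from the outside to a local host."""
        self.inbound_seen[(remote, local)] = now_ms

    def outbound(self, now_ms, local, remote):
        """Return True if the outgoing packet is forwarded, False if dropped."""
        seen = self.inbound_seen.get((remote, local))
        if seen is not None and now_ms - seen <= self.reply_window_ms:
            return True  # reply to recent inbound traffic: two-way conversation
        # Not a reply: refill the bucket for elapsed time, then try to spend a token.
        refill = (now_ms - self.last_ms) * self.rate  # ms * packets/s = millitokens
        self.millitokens = min(self.burst * 1000, self.millitokens + refill)
        self.last_ms = now_ms
        if self.millitokens >= 1000:
            self.millitokens -= 1000
            return True
        return False

def simulate(peer_replies, duration_ms=2000):
    """Send one packet per ms (1000 pps) to one remote host; return packets forwarded."""
    fw = ReverseFirewall()
    local, remote = "10.0.0.5", "192.0.2.10"  # constructed example addresses
    forwarded = 0
    for now_ms in range(duration_ms):
        if fw.outbound(now_ms, local, remote):
            forwarded += 1
            if peer_replies and forwarded % 10 == 1:  # peer answers what it receives
                fw.inbound(now_ms, remote, local)
    return forwarded

if __name__ == "__main__":
    print("two-way transfer forwarded:", simulate(True))
    print("one-sided flood forwarded: ", simulate(False))
```

With these assumed settings the two-way sender keeps its full rate, while the one-sided sender is cut to the initial burst plus the refill rate.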