[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ids
Subject: Re: SQL effect on stateful IDS and firewalls
From: Gianni Tedesco <gianni () ecsc ! co ! uk>
Date: 2003-01-29 17:33:03
[Download RAW message or body]
On Tue, 2003-01-28 at 23:31, Todd Heberlein wrote:
> I have seen one report (by Tom Kyle on BugTraq) about the SQL worm
> swamping the memory a stateful firewall or IDS system.
>
> Does anyone have pointers on reports as to how well the different
> stateful systems did under the attack?
AFAIK most IDSs don't do state tracking for UDP. Firewalls tend to
implement UDP stateful hacks just to make DNS work ie: if a UDP packet
is allowed, allow reply UDP traffic for 30 seconds afterwards. This
model works for most but not all UDP applications.
--
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic