DOS protection and SW firewalls

I'd like to start this new thread to know what people think on the subject. It may be I've overseen something in my speculations. Then everybody who have to say something thoughtfull is welcomed to the thread

I quote my own post from the OA support forum:

"I think the value of the DOS protection is very overestimated recently concerning software firewalls. Yes, it was important some 5-6 years ago, but not now. Since DOS paranoia started MS improved their TCP/IP stack essentially. Just imagine, every new DOS attack is tested against their web-side first, and only then it is converted into the widely accessible exploits by publishing attack algorythms. Do not expect to be better DOS preventor than MS engeeniers are. You will just spend a lot of time and efforts, but will get no practical value in the end. They will release security update faster than you even be aware of the new DOS attack in most cases. I'd strongly advise you to spend your efforts in more effective way than to fight outdated threats.".

 

I agree! Too much time and effort has been wasted on this issue. Like here, here, here and here. About the "outdated attacks", I'll leave that to the actual Firewall Experts since they (and the M$ engineers) are still concerned with them.

 

Ok. I just want to see at least one personal user who was a victim of the successful DOS attack and I'd like to know what harm did he get as a result. In any case I dare say comparing to the malware victims this number is an order less and the harm is at least two order less.

 

I don't see anyone posting whether they agree or disagree with your point.

The same point could be made concerning stealth or leak-protection. The only postings I see here, are agreeing that a lot of time has been wasted on this subject, pros and cons. Now prove my point and waste some more time on the subject...

 

I don't see either. This may mean anything, though I'm inclined to think this rather does mean a few really care about it
Stealth never interested me too much because I always run some services, starting from DC server, ending with Fidonet mailer. But leaktests .. I do not actually care much about information leaking from my computer, but it has appeared that good antileak protection is accompanied as a rule by a good HIPS, which have helped me to prevent some nasties downloaded from the inet and especially from the local network to intrude my system. There also were some DOS attempts from local network, but since I try to keep my system up to date, they all failed and not because my firewall, but because my Windows was up-to date.

 

Thanx for proving my point.

 

Nothing doing

But this is not what I'd like to know. I'm interested in _arguments_ and _facts_ concerning the subject.

 

It's obvious to anyone that read the "OA-learning-thread" that you're looking for an arguement. (even though you consider it a non-issue and a waste of time.) I'd strongly advise you to spend your efforts in a more effective way than arguing. (Try sarcasm!) And try using an example other than M$....there the one's that started the trouble in the first place.

 

I don't worry about DOS issues because my router/firewall protects against them. Therefore, when it comes to looking at or considering the use of any software firewall I never even give that a consideration in my decisions.

 

Some people question the reliability of routers though.

 

Yep, but some people will question almost everything.

 

I swear by my router! (now that I've learned a little 'bout config'n it) I got your point though... LMAO

 

In any example responsibility is on the TCP/IP stack vendor. It would be more natural and correct if DOS protection was implemented there. In case TCP/IP stack can be DOSed it is implemented incorrectly.

 

A lot of people into gaming have many ports open and can be DoS'ed out of games if they do not have some sort of protection. Really any good firewall should stop a DoS attack and it is so widely incorporated into firewalls, why not use it?

 

At least because this is doubled work. To detect "bad" packet FW should parse it starting from the ethernet frame down to TCP/UDP etc level. In case a packet is good it is allowed to pass, but then TCP/IP stack will do the same job with _every_ packet. Even in case the both parsing/inspecting algorythms are implemented ideally processing time goes at least twice longer comparing to the ideal (and I presume ideal is the target).

 

Sorry, I'd trust the firewall (hard/soft) before M$, anyday...

 

I see. But in any case this is not a logical argument, this is just a bias. No problem here, most people make desicions based on their emotional preferences. I do it the same way pretty often, that is to say

But here, in this thread, I'd like to hear _arguments_. If you have any, you are greatly welcomed. But for a biased opinions it is better to start a poll instead of a thread.

 

Sorry, I speak from experience. When I am wrong, I will admit it instead of starting a new-thread to get the responses I need. My original point was proven. Yours

 

Hi Monty,

Your'e being too hard here. Why don't you play along with a few pseudo facts? That will keep him out of the OA thread.

 

What I am trying to say and maybe not doing a very good job of, is that the user should keep their OS up-to-date with patches but it is still their responsibility to secure the OS-not Microsoft's...