DOS protection and SW firewalls

Discussion in 'other firewalls' started by alex_s, Nov 14, 2007.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I'd like to start this new thread to know what people think on the subject. It may be I've overseen something in my speculations. So everybody who has something thoughtful to say is welcome to the thread :)

    I quote my own post from the OA support forum:

    "I think the value of DOS protection is very overestimated recently concerning software firewalls. Yes, it was important some 5-6 years ago, but not now. Since the DOS paranoia started, MS has improved their TCP/IP stack essentially. Just imagine, every new DOS attack is tested against their web site first, and only then is it converted into widely accessible exploits by publishing the attack algorithms. Do not expect to be a better DOS preventer than the MS engineers are. You will just spend a lot of time and effort, but will get no practical value in the end. They will release a security update faster than you will even be aware of the new DOS attack in most cases. I'd strongly advise you to spend your efforts in a more effective way than fighting outdated threats."
     
  2. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I agree! Too much time and effort has been wasted on this issue. Like here, here, here and here. About the "outdated attacks", I'll leave that to the actual Firewall Experts since they (and the M$ engineers) are still concerned with them.
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Ok. I just want to see at least one personal user who was a victim of a successful DOS attack, and I'd like to know what harm he got as a result. In any case I dare say that compared to the malware victims this number is an order less and the harm is at least two orders less.
     
  4. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I don't see anyone posting whether they agree or disagree with your point.
    The same point could be made concerning stealth or leak-protection. The only postings I see here are agreeing that a lot of time has been wasted on this subject, pros and cons. Now prove my point and waste some more time on the subject...
     
  5. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I don't see either. This may mean anything, though I'm inclined to think this rather does mean a few really care about it :)
    Stealth never interested me too much because I always run some services, starting from a DC server and ending with a Fidonet mailer. But leaktests... I do not actually care much about information leaking from my computer, but it has turned out that good antileak protection is accompanied as a rule by a good HIPS, which has helped me to prevent some nasties downloaded from the inet, and especially from the local network, from intruding into my system. There also were some DOS attempts from the local network, but since I try to keep my system up to date, they all failed, and not because of my firewall, but because my Windows was up to date.
     
  6. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Thanx for proving my point. :isay:
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Nothing doing :)

    But this is not what I'd like to know. I'm interested in _arguments_ and _facts_ concerning the subject.
     
  8. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    It's obvious to anyone that read the "OA-learning-thread" that you're looking for an argument. (even though you consider it a non-issue and a waste of time.) I'd strongly advise you to spend your efforts in a more effective way than arguing. (Try sarcasm!) And try using an example other than M$....they're the ones that started the trouble in the first place.
     
  9. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    I don't worry about DOS issues because my router/firewall protects against them. Therefore, when it comes to looking at or considering the use of any software firewall I never even give that a consideration in my decisions.
     
  10. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Some people question the reliability of routers though.
     
  11. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    Yep, but some people will question almost everything. ;)
     
  12. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I swear by my router! (now that I've learned a little 'bout config'n it) I got your point though... LMAO :D
     
  13. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    In any example responsibility is on the TCP/IP stack vendor. It would be more natural and correct if DOS protection was implemented there. In case TCP/IP stack can be DOSed it is implemented incorrectly.
     
  14. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    A lot of people into gaming have many ports open and can be DoS'ed out of games if they do not have some sort of protection. Really any good firewall should stop a DoS attack and it is so widely incorporated into firewalls, why not use it?
     
  15. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    At least because this is doubled work. To detect a "bad" packet the FW should parse it starting from the ethernet frame down to the TCP/UDP etc level. In case a packet is good it is allowed to pass, but then the TCP/IP stack will do the same job with _every_ packet. Even in case both parsing/inspecting algorithms are implemented ideally, processing time goes at least twice longer compared to the ideal (and I presume ideal is the target).
     
  16. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Sorry, I'd trust the firewall (hard/soft) before M$, any day...
     
  17. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I see. But in any case this is not a logical argument, this is just a bias. No problem here, most people make decisions based on their emotional preferences. I do it the same way pretty often, that is to say :)

    But here, in this thread, I'd like to hear _arguments_. If you have any, you are greatly welcomed. But for biased opinions it is better to start a poll instead of a thread.
     
  18. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Sorry, I speak from experience. When I am wrong, I will admit it instead of starting a new-thread to get the responses I need. My original point was proven. Yours o_O
     
  19. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi Monty,

    You're being too hard here. Why don't you play along with a few pseudo facts? That will keep him out of the OA thread.
     
  20. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    What I am trying to say and maybe not doing a very good job of, is that the user should keep their OS up-to-date with patches but it is still their responsibility to secure the OS-not Microsoft's...
     