> Sure this is the case if you have a rule set that has something like: Let
> in a packet that is bound to some address range.
> If I have a rule set that is host based, allowing only a few specific IP
> addresses in, the DoS attack is limited?
>
> Increasing the size of the connections allowed in the table may only reduce
> the possibility of the attack.  Why not increase the number such that it is
> greater than what your bandwidth can handle (advocated by firewall people
> here).
>
> r1ccard0
>
> Richard Scott
> (I.S.) E-Commerce Team
> * Best Buy World Headquarters
> 7075 Flying Cloud Drive
> Eden Prairie, MN 55344 USA
>
> This '|' is not a pipe

Even if you have a few specific IPs, if they can be found, they can be
spoofed since there is no sequence number checking. I guess your security
then depends on how hard the trusted IPs are to guess. (Probably a bad idea)
In regards to increasing the connection table to a number greater than your
bandwidth can handle, well, first I'm not sure that that's a meaningful
statement. The maximum number of connections for a given bandwidth depends
on what's going on in those connections. However, the faked connections are
only 1 packet and I don't think that you could expand the table enough to
hold even 56k bps of faked packets.

-James
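As an added example (not part of the thread, and not anyone's firewall code), here is a small Python model of the state-table pressure James describes: a flood of single-packet connection attempts arriving at a given bandwidth, each entry occupying the table until the half-open timeout expires. The minimum frame size and the timeout are assumptions chosen for the model.

```python
"""Model a stateful firewall's connection table under single-packet
(spoofed) connection attempts, in the spirit of the thread's discussion.
Parameters below are constructed for illustration, not from the thread."""

from collections import deque

# Assumption: a SYN fits in a minimum-size Ethernet frame of 64 bytes.
MIN_FRAME_BYTES = 64


def attempts_per_second(bandwidth_bps: int, frame_bytes: int = MIN_FRAME_BYTES) -> float:
    """How many minimum-size packets a link of this bandwidth can deliver per second."""
    return bandwidth_bps / 8 / frame_bytes


def entries_needed(bandwidth_bps: int, half_open_timeout_s: int,
                   frame_bytes: int = MIN_FRAME_BYTES) -> int:
    """Table size required so that a full-bandwidth flood never evicts a legitimate
    entry. Each spoofed entry lives for the whole timeout (no handshake completes),
    so the steady-state occupancy is rate * timeout."""
    return int(attempts_per_second(bandwidth_bps, frame_bytes) * half_open_timeout_s)


def simulate(table_size: int, rate_pps: int, timeout_s: int, duration_s: int):
    """Second-by-second simulation of the table: expire old half-open entries,
    then admit new ones until the table is full. Returns (peak_occupancy, dropped),
    where dropped counts attempts that found no free slot."""
    table = deque()  # expiry times, oldest first
    dropped = 0
    peak = 0
    for now in range(duration_s):
        while table and table[0] <= now:
            table.popleft()
        for _ in range(rate_pps):
            if len(table) >= table_size:
                dropped += 1
            else:
                table.append(now + timeout_s)
        peak = max(peak, len(table))
    return peak, dropped


if __name__ == "__main__":
    # The thread's 56 kbps figure with a 60-second half-open timeout.
    rate = int(attempts_per_second(56_000))
    print("entries needed at 56 kbps / 60 s timeout:", entries_needed(56_000, 60))
    print("1000-entry table:", simulate(1000, rate, 60, 120))
    print("7000-entry table:", simulate(7000, rate, 60, 120))
```

The model shows that even a 56 kbps link of minimum-size packets needs several thousand table entries per minute of timeout, and that a table sized below that is saturated within seconds while a larger one absorbs the flood without drops; lowering the half-open timeout reduces the requirement proportionally.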
