On Thu, 8 Mar 2001, Derek Kwan wrote:
> Dumb question... How's a FW going to prevent people connect to the web
> port and issue this kind of Infinite HTTP request?
>
> Unless the FW also have some kind of realtime IDS build into it to block
> traffic in realtime... Am I correct?
Depends on the firewall. FireWall-1 allows you to use resource definitions
and you can limit the lenght of the URL.
However I would not recommend to let the firewall do this. This kind of
things is why I hired websweeper. It sounds stupid to protect a server
that is there to protect your network.
I'll raise this on Monday through the normal channels. We got customers on
websweeper and I find this rather disturbing.
Hugo.
Ps: using resource definitions this way would put extra load on your
firewall which may be unwanted.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
--------------------------------------------------------------
