|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: van der Kooij, Hugo (Hugo.van.der.Kooij
CAIW.NL)Date: Sun Mar 11 2001 - 15:54:31 CST
On Thu, 8 Mar 2001, Derek Kwan wrote:
> Dumb question... How's a FW going to prevent people connect to the web
> port and issue this kind of Infinite HTTP request?
>
> Unless the FW also have some kind of realtime IDS build into it to block
> traffic in realtime... Am I correct?
Depends on the firewall. FireWall-1 allows you to use resource definitions
and you can limit the lenght of the URL.
However I would not recommend to let the firewall do this. This kind of
things is why I hired websweeper. It sounds stupid to protect a server
that is there to protect your network.
I'll raise this on Monday through the normal channels. We got customers on
websweeper and I find this rather disturbing.
Hugo.
Ps: using resource definitions this way would put extra load on your
firewall which may be unwanted.
-- Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hugo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]