Joe, Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for stopping TCP DOS. Could these features stop massive TCP DOS attacks? Thanks, Audie Onibala ****************************** Joe Shaw <jshaw@insync.net> wrote: On 9 Feb 2000, Toplez Razer wrote:
1. Was it the firewall DOS filter?
With packet based DoS attacks, filters don't matter. Bandwidth and saturation are what matters.
2. No firewall in Yahoo, EBay, ETrade, etc?
Yes, there are, and no, they wouldn't have helped for the reason stated above.
3. Firewall DOS filter worked, but the links were still clogged with massive ACKs/NACKs?
Not exactly, but fairly close. -- Joseph W. Shaw - jshaw@insync.net Computer Security Consultant and Programmer Free UNIX advocate - "I hack, therefore I am." ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1