  dnoyeB Ferrous Phallus
join:2000-10-09 Southfield, MI | reply to dnoyeB Re: Zywall 2+ Attack Detection
I thought those were only for DOS attacks? Port scan is a DOS attack?

 dslpartner
join:2005-02-18
»en.wikipedia.org/wiki/Denial-of-···e_attack
So yes, if you go by the definition, then a port scan can tie up the resources of the target host, which can lead to it being unable to perform tasks.

  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs:
Sure, but we all know a simple nmap port scan doesn't cause a DoS attack. More serious are the false positives in the zw2/5/35/70 family that luckily are not seen in the zw1050/USG300 family. The number of false positives and immediate blocking are why I disable LAN on Security > Firewall > Threshold for zw2/5/35/70 firewalls.

 dslpartner
join:2005-02-18
I am not familiar with what actually triggers a portscan attack false positive, but you can use a portscan to create problems, and if it does, it's considered a DoS.
I agree that the thresholds on the ZyWALLs are too low, but it's a stretch to say the device is not doing its job; albeit not 100% correctly, it's still trying to do the tasks bestowed upon it within the parameters that are programmed for it.
The question is, can you change the settings to fit your expected behaviours, or is this hardcoded somewhere? And can we get ZyXEL to help us tune it to our personal likings?
-- "Perl is executable line noise, Python is executable pseudo-code."

  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs:
It's an issue of control. I didn't say the firewall isn't doing its job; the issue is "ALL OR NOTHING", as you have no real control.