From time to time at my job I have to investigate some security events on a firewall. I was discussing session DoS attacks with a colleague when he stated that you only need one packet / in one direction to establish a session with a edge device thus overwhelming a device with a large amount of sessions is easy. I figured the edge device has to acknowledge it some how. I am now curious I guess about the requirements of starting a session and how a device decides to close them? Just session timers or is there more to it? Is he even right? I did some digging but could not find anything this specific online. Anyone care to chime in? Thanks!
No comments:
Post a Comment