# Firewalls & DOS Attacks



## Wayno66 (Jan 24, 2011)

Can someone help me with a uni question I have? It's for my exam revision.

What protection does a firewall give against a denial of service (DOS) attack?

I've read they don't offer much protection then in other books they say they can offer reasonable protection.

Many thanks

Wayne
Western Australia


----------



## Wand3r3r (Sep 17, 2010)

my router logs show dos attacks all the time with no interruption of services.
having stateful packet inspection, I believe, makes the difference


----------



## ragazzid (May 31, 2011)

About DOS attack:

There are a many types of firewall, the global action is:

one: DROP the traffic, the router stop to answer to attacker and just drop the packet when a DOS is confirmed

two: If is a Brute for attack, the firewall can stop to receive submits from the source

three: Firewall can alert a admin when configured

To more information I need to know what kind of firewall we are talking about. Here some options

Router as a firewall
PIX
ASA
Checkpoint
Juniper Firewall

Feel free to send me any questions.


----------



## Wayno66 (Jan 24, 2011)

Thank you for your replies. It is a question on generic firewalls so I cannot give details of a specific firewall type. I now believe that a combination of packet filtering, state full inspection & nat servers offer a reasonable level of protection. Regards


----------



## ragazzid (May 31, 2011)

Yeah but, it is not against DoS attack.

And any cisco router can make NAT, packet inspection


----------



## OneHalf (Jun 12, 2011)

In theory a firewall on BGP enabled router could inform preceding router of DoS attack, so the traffic can be dropped erlier in routing schema.


----------

