Greetings,

Where my server is hosted, they offer a SonicWALL Pro 100 Firewall for an extra 40$ a month.

http://www.sonicwall.com/products/PRO_100

Do you think that this SonicWall PRO 100 Firewall will block most DoS or this firewall doesnt look good enough ?


What will be the advantage with this firewall ?

thanks guys

A firewall at your end don't defead most forms of DOS attacks

BioXShell, i administer 2 PRO 100 Boxes and a Pro 200 box for the orgainsation i work for, they are used for internet access for our network and to firewall all of the machines at each site.

the boxes can reliably form a VPN tunnel between 2 or more sites using highly secure encryption, you can also connect to the box using encryption making your shell session 100% secure.

they have built in heavy duty access tables and are immensely secure, you can try peeking at a domain thats behind a Pro 200 firewall by going to : http://www.aufconnect.com

the aboove site is simply running a server with e-mail and web access, it is also running as a VPN tunnel dial-in

you can scan the IP for security if you want, i am particularly confident of the security it provides.

you can remotely administer the boxes with a web interface and it is possible to connect many systems to the firewall.

I would have thought they would have provided a Pro 200 box as this is Rack mountable where as the Pro 100 is not rack mountable and would prove cumbersome in a racking environment.

Hope this info helps, if you need any firther info please dont hesitate to contact me.

regarding DoS attacks, the connection mine is linked to will not withstand a cos attack as the upstream router gives in first, but this box is fully capable of protecting against many types of DoS attacks, and is one of its main strenngths.

Originally posted by msh
A firewall at your end don't defead most forms of DOS attacks

as msg stated, it will not block all dos attacks since you are firewalling packets at your end.. but it can and will help against smaller attacks, and this model can provide a good vpn solution. to fend off larger attacks you will need a provider that is willing to assist in doing so.

the reason it will not fend off all attacks sometimes size does matter.. if the dos coming in is say 200mbit, and your provider only has a 100mbit connection, and you're only leasing a 10mbit connection from them.. there will be several bottle necks.
say your provider fends and null routes off 120mbit of traffic, leaving 80mbit comming in which they can handle okay, then it hits your port at 10mbit, you're still toast.

Someone who finally explained it right.. :)

As said before, a firewall, sonicwall's included, are not effective against most types of DOS attacks. You will not be blocking access to the services that you offer. And most DOS attacks will not come from an identifiable IP address that you can filter once the attack starts.

As far as I can tell, sonicwall's firewall appliances aren't able to even detect a DOS attack. Even if the attack had an identifiable source IP address, you would have to detect the DOS attack and add a rule manually. Which again, makes it no more effective than any other firewall against DOS attacks.

the sonicwall will automatically deal with IP addresses that are attacking it, i have noticed on various occasions sustained "small" attacks have been completely blocked by the firewall, these attacks also get sent to the log file as a suspected attack, ourt firewalls also report to a syslog server at leach local site which can then collate and report on traffic and attack attempts.

upfortunately, no matter how good it is at protecting against attacks, if someone is attacking with a sustained 100MBit of data and you are on 10MBit, then the traffic wont even hit the firewall, leaving the firewall out of the equasion.

brian-WHT definitely explained it well.

I didn't think that the sonicwall detected DOS attacks, because I didn't see it in the firewall interface, and it wasn't mentioned on their product features.

After talking to a rep and being pointed to their FAQ, It looks like it automatically detects and attempts to protect against smurf attacks, people using winnuke, and against ip spoofing attacks.

It also claims to protect against SYN floods, but only if the source IP address of the attacking host is constant and identifiable.

SYN floods with random and spoofed source addresses make up the majority of DOS attacks, are not detectable by the sonicwall, and can not be blocked by it.

We have a Pro 300 and it works very well for us. Check out www.sonicwalldepot.com for good pricing.