[
Lists Home |
Date Index |
Thread Index
]
> OK, I can see what you are saying. Is there some facility to
> deny/turn-off processing for a type of DoS attack? Say something is
> sending you several complex, large messages - what happens to the gateway?
In the worst case, the gateway goes down before your application server
does. More usually, gateways are more aware of XML-based network
attacks than most applications (e.g., billion laughs, XML too big, etc)
and will drop the message, fault it, report it, whatever, when
thresholds are exceeded.
XML is particulary useful for DoS, since the processing load is
asymmetric: the adversary can just use print statements, while the
victim receiver needs to parse. Gateways built around OSS or COTS
parsers, for example, are often just as vulnerable as the servers
they're protecting.
Caveat emptor.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
|
