[ previous ] [ next ] [ threads ]
 
 From:  "Wayne Fiori" <dev9null at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall virus protection?
 Date:  Thu, 15 Nov 2007 10:42:03 -0800
Demonstrate how much this decision will impact their firewall
performance by sending a simple zip file. When I used to test
network-based AV mail scanners, the easiest way to bring the scanner
to its knees was to create a text file that contained a single
character (x for example) duplicated a few million times. That's a
quick perl/python/shell script to build that. Zip that text file up.
It will compress to a little tiny zip file. Essentially the zip file
is a description of # and x. Attach this zip file to an email and send
it through the AV scanner. Watch the AV scanner choke while it spends
CPU cycles to open and examine a text file full of one character.

By buying into a low end UTM (Unified Threat Model), they have opened
themselves to a basic denial of service attack.
--
=Wayne