Re: [fw-wiz] CERT vulnerability note VU# 539363
From: Daniel Hartmeier (daniel@benzedrine.cx)
Date: 10/16/02
From: Daniel Hartmeier <daniel@benzedrine.cx> To: Stephen Gill <gillsr@yahoo.com> Date: Wed Oct 16 09:53:00 2002
On Wed, Oct 16, 2002 at 08:20:09AM -0500, Stephen Gill wrote:
> In my opinion if a stateful firewall claims it can filter at rate X
> (64byte packets, etc...), it should be able to filter at that rate under
> all conditions.
Obviously, for any X, when each packet is part of a TCP handshake, the
X/2 (or /3, depending on how you count) newly established connections per
second will exhaust memory on the firewall after a certain amount of time.
I don't think you meant 'be able to filter at that rate' to include
'dropping legitimate connections when running out of memory', did you?
> I'd like to learn some of the other methods being used for mitigation
> amongst vendors.
Yes, that's what I'd find most interesting to read in vendor statements
myself. :)
Daniel