[fw-wiz] RE: CERT vulnerability note VU# 539363

From: Philip J. Koenig (pjklist@ekahuna.com)
Date: 10/16/02

From: "Philip J. Koenig" <pjklist@ekahuna.com>
To: Firewall-wizards@honor.icsalabs.com
Date: Wed Oct 16 20:55:01 2002

On 16 Oct 2002 at 17:00, Stephen Gill boldly uttered:

> In V4.0 the syntax has changed somewhat for the aforementioned command,
> though the concept still applies...
> set zone <zone> screen limit-session source-ip-based <threshold>
> I've requested something like
> set zone <zone> screen limit-session dest-ip-based <threshold>
> but I've not seen it in code yet. If I'm not mistaken I believe CP has
> added the ability to do both recently.
> -- steve

OK, but the nice thing about the source-based rule is it's not very
likely to drop legitimate traffic (unless you misconfigure it without
any sense of your normal traffic profile), whereas a destination-
based rule could easily cause that problem, particularly for public

On a slightly off-topic note - do you find ScreenOS stable? I
avoided it for stability reasons at a newly-deployed site but it
would have been convenient to start off with it because when the time
comes to upgrade it looks like I'll have to re-architect lots of the
rules to adapt to its new syntax.

Philip J. Koenig                                       
Electric Kahuna Systems -- Computers & Communications for the New