[fw-wiz] Firewall Statefullness:

From: Nimesh Vakharia (nvakhari_at_mil.sunysb.edu)
Date: 08/22/03

Next message: Mikael Olsson: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"

Previous message: Carson Gaspar: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Thu, 21 Aug 2003 18:35:16 -0400 (EDT)

So what is the general consensus today on Statefulness. I am looknig at a
few firewalls and each has its own unique features. The standard IP and
port tuple, maintaing sequence number based on TCP window size. Some are
using mechanism similar to SYN cookies (http://cr.yp.to) to protect
themselves from state table overflow.

Are there any other fancy features besides these to look for in a vendor:
- On how they maintain state.
- On how they protect the statetable from overflowing

What are leading firewall vendors like netscreen/checkpoint doing?

Nimesh.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Mikael Olsson: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"

Previous message: Carson Gaspar: "Re: [fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Mailing-Lists > Firewall-Wizards > 2003-08