Re: Background noise
From: Wolfgang Kueter (wolfgang@shconnect.de) Date: 10/10/02
- In reply to: Leonid Rosenboim: "Re: Background noise"
From: Wolfgang Kueter <wolfgang@shconnect.de> Date: Thu, 10 Oct 2002 14:34:54 +0200
Leonid Rosenboim wrote:

> Anyway, background noise is a problem with all firewalls.

Background noise is only a problem if it is misinterpreted as an attack.

> It happens with ZoneAlarm, it happens with the Intel Wireless
> Gateway I got at home, and it happens with Cisco IOS/FW,
> as well as Checkpoint FW-1. Even if session timeout is set
> at 2 minutes (the recommended timeout in many RFCs),
> there will still be these false alarms.

Actually they are not false alarms, they are only dropped (and logged)
packets. And they happen only with stateful packet filters. Stateless
filters do not produce these.

> The cost of setting session timeouts too long is high -
> there would be a need for much more memory to keep
> track for terminated session for a longer period, and
> thus the total number of entries in the session tables
> would need to be increased.

Right, but stateless filtering is often totally sufficient. No need to
increase memory on a stateless packet, because they don't use session
tables.

Wolfgang
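
Added example (not part of the original message and not any vendor's code): a toy model of the behaviour discussed above, showing a late packet for an expired session being dropped and logged by a session-table filter while a stateless rule passes it. The addresses, packet times and the "inbound needs ACK set" stateless rule are assumptions made for the illustration.

```python
from dataclasses import dataclass

SESSION_TIMEOUT = 120  # seconds: the 2-minute timeout mentioned in the thread

@dataclass(frozen=True)
class Packet:
    ts: float       # arrival time, seconds
    inside: tuple   # (ip, port) of the protected host
    outside: tuple  # (ip, port) of the remote peer
    flags: str      # TCP flags: "S", "SA", "A", "FA"
    outbound: bool

class StatefulFilter:
    """Toy session-table filter: inbound is allowed only for a live session."""
    def __init__(self, timeout=SESSION_TIMEOUT):
        self.timeout, self.sessions, self.log = timeout, {}, []

    def allow(self, p):
        key = (p.inside, p.outside)
        last = self.sessions.get(key)
        if last is not None and p.ts - last > self.timeout:
            del self.sessions[key]      # entry aged out, memory reclaimed
            last = None
        if p.outbound or last is not None:
            self.sessions[key] = p.ts   # create or refresh the entry
            return True
        self.log.append(p)              # dropped and logged: the "noise"
        return False

def stateless_allow(p):
    """Assumed stateless rule: inbound TCP passes only if ACK is set."""
    return p.outbound or "A" in p.flags

# Constructed traffic (documentation addresses, not from the thread).
HOST, WEB, STRANGER = ("192.0.2.10", 40000), ("198.51.100.5", 80), ("203.0.113.9", 3333)
TRAFFIC = [
    Packet(0.0, HOST, WEB, "S", True),          # client opens connection
    Packet(0.1, HOST, WEB, "SA", False),        # server answers
    Packet(0.2, HOST, WEB, "A", True),          # handshake done, then idle
    Packet(300.0, HOST, WEB, "FA", False),      # late FIN/ACK after timeout
    Packet(400.0, HOST, STRANGER, "S", False),  # unsolicited connection attempt
]

def compare(traffic=TRAFFIC):
    fw = StatefulFilter()
    for p in traffic:
        fw.allow(p)
    stateless_drops = [p for p in traffic if not stateless_allow(p)]
    return fw.log, stateless_drops
```

Calling compare() returns the packets each filter dropped: the stateful log contains both the late FIN/ACK and the unsolicited SYN, the stateless list only the SYN.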