Firewall Statefullness:

[Nimesh Vakharia <nvakhari () mil sunysb edu>]

So what is the general consensus today on Statefulness. I am looknig at a
few firewalls and each has its own unique features. The standard IP and
port tuple, maintaing sequence number based on TCP window size. Some are
using mechanism similar to SYN cookies (http://cr.yp.to) to protect
themselves from state table overflow.

Are there any other fancy features besides these to look for in a vendor:
- On how they maintain state.
- On how they protect the statetable from overflowing

What are leading firewall vendors like netscreen/checkpoint doing?

Nimesh.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards