Firewall Wizards mailing list archives
Re: TCP syncookies - firewall or host?
From: Florin Andrei <florin () andrei myip org>
Date: Tue, 03 Apr 2007 14:43:26 -0700
Florin Andrei wrote:
This sounds like a job for the firewall, but on the other hand all those servers are very fast, there's a lot of them, and usually they're mostly idle. So I'm very tempted to dump that task on the servers.
OTOH, if I let the servers deal with it, wouldn't that fill up resources on the firewall real quick during an attack? So in that case, syncookies at the firewall level would be better. I will do some tests to trigger some issues that might occur in real life and see how each piece of equipment handles that, but until then I'd like to get a second opinion, so that's why I'm asking. -- Florin Andrei http://florin.myip.org/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- TCP syncookies - firewall or host? Florin Andrei (Apr 03)
- Re: TCP syncookies - firewall or host? Florin Andrei (Apr 03)
- Firewall surveyquestion Steve orca (Apr 03)
- <Possible follow-ups>
- Re: TCP syncookies - firewall or host? rgolodner (Apr 05)
- TCP syncookies - firewall or host? chris mr (Apr 09)