nanog mailing list archives
Re: I don't need no stinking firewall!
From: Jared Mauch <jared () puck nether net>
Date: Wed, 6 Jan 2010 08:36:59 -0500
On Jan 5, 2010, at 4:24 PM, Robert Brockway wrote:
Do you have any evidence to support this assertion? You've just asserted that all firewalls have a specific vulnerability. It isn't even possible to know the complete set of architectures (hardware & software) used for firewalls so I don't see how you can assert they all have this vulnerability.
Just about every ddos i've ever been involved in mitigation results in some device labeled "firewall" blowing it's brains and crippling the company further than if they had utilized a more distributed model. When combined with various other layers of mitigation that are either integrated or inline with another device we've spent lots of time troubleshooting which exact device was causing the most trouble. I can't cite specific cases unless my customers say I can, but it's somewhat amusing to watch some C* of a company realize they've wasted money on a device/service that actually made the problem worse in the face of an attack. There are those that might say the protection devices were not properly used, configured, etc... and if that's the case, it reflects the sad state of the lack of maturity of the industry/tech. (Or that it's obsolete). - Jared
Current thread:
- Re: I don't need no stinking firewall!, (continued)
- Re: I don't need no stinking firewall! James Hess (Jan 10)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 10)
- Re: I don't need no stinking firewall! Joe Greco (Jan 10)
- Re: I don't need no stinking firewall! Joel Jaeggli (Jan 08)
- Re: I don't need no stinking firewall! Mark Smith (Jan 06)
- Re: I don't need no stinking firewall! William Pitcock (Jan 05)
- Re: I don't need no stinking firewall! Joe Greco (Jan 06)
- Re: I don't need no stinking firewall! Ryan Brooks (Jan 05)
- Re: I don't need no stinking firewall! Valdis . Kletnieks (Jan 06)
- RE: I don't need no stinking firewall! Brian Johnson (Jan 06)
- Re: I don't need no stinking firewall! Jared Mauch (Jan 06)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 06)
- Re: I don't need no stinking firewall! juttazalud (Jan 06)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 06)
- Re: I don't need no stinking firewall! Jay Hennigan (Jan 05)
- RE: I don't need no stinking firewall! Jason Shearer (Jan 05)
- Re: I don't need no stinking firewall! Jay Hennigan (Jan 05)
- Re: I don't need no stinking firewall! Henry Yen (Jan 05)