nanog mailing list archives
Re: I don't need no stinking firewall!
From: bill from home <bill () kruchas com>
Date: Fri, 08 Jan 2010 08:22:00 -0500
All,

This thread certainly has been educational, and has changed my perception of what an appropriate outward-facing architecture should be. But seldom do I have the luxury of designing this from scratch, and also the networks I administer are "small businesses". My question is at what size connection does a state table become vulnerable? Are we talking 1mb DSLs with a SOHO firewall?
Or, as I suspect, are we talking about a larger scale? I know there are variables; I am just looking for a "rule of thumb". I would not want to recommend a change if it is not warranted. But when fatter and fatter pipes become available, at what point would a change be warranted?

Thanks
Bill Kruchas

Dobbins, Roland wrote:
> On Jan 8, 2010, at 3:21 PM, Arie Vayner wrote:
>
> > Further on, if you want to really protect against a real DDoS you would most likely have to look at a really distributed solution, where the different geographical load balancing solutions come into play.
>
> GSLB or whatever we want to call it is extremely useful from a general availability standpoint; however, the attackers can always scale up and really distribute their already-DDoS even further (they learned about routeservers and DNS tinkering years ago).
>
> Architecture, visibility, and control are key, as are vendor/customer/peer/upstream/opsec community relationships.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>
>
> Injustice is relatively easy to bear; what stings is justice.
>
> -- H.L. Mencken