Firewall Wizards mailing list archives
RE: CERT vulnerability note VU# 539363
From: "Stephen Gill" <gillsr () yahoo com>
Date: Wed, 16 Oct 2002 09:34:52 -0500
Don't drop legitimate connections and try not to allow yourself to get to the point where new connections can't be established either, assuming you are well within your means of handling the load (traffic/pps/memory/etc...). The key is to make optimum use of those resources - in this case the session table.

-- steve

-----Original Message-----
From: Daniel Hartmeier [mailto:daniel () benzedrine cx]
Sent: Wednesday, October 16, 2002 8:54 AM
To: Stephen Gill
Cc: 'Mikael Olsson'; firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] CERT vulnerability note VU# 539363

On Wed, Oct 16, 2002 at 08:20:09AM -0500, Stephen Gill wrote:
> In my opinion if a stateful firewall claims it can filter at rate X (64byte packets, etc...), it should be able to filter at that rate under all conditions.

Obviously, for any X, when each packet is part of a TCP handshake, the X/2 (or /3, depending on how you count) newly established connections per second will exhaust memory on the firewall after a certain amount of time. I don't think you meant 'be able to filter at that rate' to include 'dropping legitimate connections when running out of memory', did you?

> I'd like to learn some of the other methods being used for mitigation amongst vendors.

Yes, that's what I'd find most interesting to read in vendor statements myself. :)

Daniel

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards