Firewall Wizards mailing list archives

Re: Firewall performance testing (Was: Re: Evaluating Firewall)


From: "Kyle R. Hofmann" <krh () lemniscate net>
Date: Wed, 07 May 2003 12:46:37 -0700

On Wed, 07 May 2003 20:20:25 +0200, Mikael Olsson wrote:
> Carson Gaspar wrote:
> >
> > Most firewalls have to do a connection lookup for established sessions.
> > Good ones will do so with some algorithm that is O(log n) (or so) instead
> > of O(n).
>
> s/O(log n)/O(1..2)/

Constant time performance suggests a hash table of some sort.  If that's the
case, you'd also need to make sure that the hashing algorithm is hard to
attack, i.e., that an attacker wouldn't be able to force a lot of hash
collisions and thereby degrade performance.  I can't think of an easy way of
black-box testing such a thing, though.

-- 
Kyle R. Hofmann <krh () lemniscate net>
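
An added illustration of the collision concern in the message above (not part of the original post and not any firewall's code): a connection table bucketed by an unkeyed XOR of the tuple fields next to one bucketed by a keyed hash, with the longest bucket chain as the lookup-cost metric. The table size, the XOR function, BLAKE2b as the keyed hash and the sample flows are all assumptions made for the demonstration.

```python
import hashlib
import os
import socket
import struct
from collections import Counter

BUCKETS = 1024          # table size, chosen for the demo (assumption)
KEY = os.urandom(16)    # per-boot secret, never visible to peers

def weak_bucket(src, sport, dst, dport):
    """Unkeyed XOR of the tuple fields: the bucket is predictable from the packet."""
    s, = struct.unpack("!I", socket.inet_aton(src))
    d, = struct.unpack("!I", socket.inet_aton(dst))
    return (s ^ d ^ sport ^ dport) % BUCKETS

def keyed_bucket(src, sport, dst, dport, key=KEY):
    """BLAKE2b in keyed mode: the bucket depends on a secret the sender lacks."""
    data = (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!HH", sport, dport))
    digest = hashlib.blake2b(data, key=key, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS

def longest_chain(flows, bucket_fn):
    """Worst-case lookup cost: entries in the fullest bucket after inserting flows."""
    return max(Counter(bucket_fn(*f) for f in flows).values())

# Constructed sample (documentation address ranges): 256 flows whose source
# octet and source port change together, so the changes cancel under XOR.
SAMPLE = [(f"203.0.113.{i}", 40000 ^ i, "198.51.100.10", 443)
          for i in range(256)]

if __name__ == "__main__":
    print("unkeyed XOR  longest chain:", longest_chain(SAMPLE, weak_bucket))
    print("keyed BLAKE2 longest chain:", longest_chain(SAMPLE, keyed_bucket))
```

Tracking the longest chain (or average probes per lookup) on a live table is a white-box health check; it does not solve the black-box testing problem the message raises.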