nanog mailing list archives

Re: I don't need no stinking firewall!


From: bill from home <bill () kruchas com>
Date: Fri, 08 Jan 2010 09:02:12 -0500

Roland,
I understand, but at the site we are protecting, at what point is the bottleneck the connection speed, and at what point is the state table the bottleneck?
It saves me the following uncomfortable conversation.

ME> Mr customer, remember that firewall you bought a couple of years ago for $$$$.
Customer> Yes...
ME> We might better throw it out. And then you can pay me to harden your hosts.

Or I could just re-cable, and leave it turned on, they would never know (just kidding).

And maybe there is no way to tell, but I feel I need to ask the question.

Thanks Bill Kruchas

Dobbins, Roland wrote:
On Jan 8, 2010, at 8:22 PM, bill from home wrote:

Or as I suspect we are talking about a larger scale?

Even an attacker with relatively moderate resources can succeed simply by creating enough well-formed, programmatically-generated traffic to 'crowd out' legitimate traffic.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken





