On Wed, Oct 16, 2002 at 08:20:09AM -0500, Stephen Gill wrote:

> In my opinion if a stateful firewall claims it can filter at rate X
> (64byte packets, etc...), it should be able to filter at that rate under
> all conditions.

Obviously, for any X, when each packet is part of a TCP handshake, the
X/2 (or /3, depending on how you count) newly established connections per
second will exhaust memory on the firewall after a certain amount of
time. I don't think you meant 'be able to filter at that rate' to include
'dropping legitimate connections when running out of memory', did you?

> I'd like to learn some of the other methods being used for mitigation
> amongst vendors.

Yes, that's what I'd find most interesting to read in vendor statements
myself. :)

Daniel
_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
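
Added example, not part of the message above or of the list archive: a small capacity model of the X/2 (or X/3) state-table arithmetic, for sizing a stateful firewall against its rated packet rate. The fixed per-entry state lifetime, the one-second ticks and every figure passed to these functions are assumptions constructed for illustration.

```python
from collections import deque


def new_conn_rate(pps, pkts_per_handshake):
    """New connections/s when every packet is part of a handshake (X/2 or X/3)."""
    return pps // pkts_per_handshake


def seconds_until_full(pps, pkts_per_handshake, table_entries, state_lifetime_s):
    """Closed form. Entries grow at r per second until the oldest ones expire.

    Returns None when the steady-state occupancy (r * lifetime) fits in the
    table, otherwise the number of seconds until the table is full.
    state_lifetime_s is an assumed fixed hold time per state entry.
    """
    r = new_conn_rate(pps, pkts_per_handshake)
    if r * state_lifetime_s <= table_entries:
        return None
    return table_entries / r


def simulate(pps, pkts_per_handshake, table_entries, state_lifetime_s, duration_s):
    """Tick-by-tick check of the closed form.

    Returns (first second at which a new connection is refused, or None,
             total connections refused because the table was full).
    """
    r = new_conn_rate(pps, pkts_per_handshake)
    expiries = deque()  # (expiry_second, entry_count) batches, oldest first
    in_use = 0
    first_full = None
    refused = 0
    for now in range(duration_s):
        # Free every batch whose lifetime has elapsed.
        while expiries and expiries[0][0] <= now:
            in_use -= expiries.popleft()[1]
        admitted = min(r, table_entries - in_use)
        if admitted:
            expiries.append((now + state_lifetime_s, admitted))
            in_use += admitted
        if admitted < r:
            # These are the connections dropped for lack of state memory.
            refused += r - admitted
            if first_full is None:
                first_full = now
    return first_full, refused
```

The refused count is the number the rated figure hides: with constructed inputs of 150,000 packets/s, three packets per handshake, a 1,000,000-entry table and a 60-second lifetime, the table is full after 20 seconds and every later connection is dropped until entries expire.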