I'm currently tasked with providing some comparisons of firewall logging capabilities to justify our "stringent" requirements to a new firewall vendor (unnamed to protect the lame). Their current limit is ~20 pps (packets per second) per virtual connection. I find this totally inadequate since even my underpowered little Linux box at home can log ~680 pps (tested with a simple UDP flood, 49-byte payload).

I've done quite a bit of googling and haven't found much publicized info on this. If anyone has some comparisons or is willing to flood their firewall (UDP or other) and provide me some counts of their logging capabilities, it would be great. I'll eventually be compiling a large comparison paper and will happily post the results.

It seems that many networks may be vulnerable to attack by combining a simple flood to fill the logs, then happily hacking away undetected. Yes, I know the concept is not new, but I am amazed at how limited some of the new big centralized and "better"? virtual devices are when it comes to simple security and auditing requirements.

Replies to the list or individually appreciated!

Kis
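The auditing gap raised in the message above, as an added example that is not part of the original post: one constructed second of traffic is run through a logger capped at 20 records per second, then through a per-flow aggregating logger with the same cap. Aggregation is an assumed mitigation the post does not mention, and the addresses, ports and function names are made up for illustration.

```python
from collections import Counter

LOG_CAP_PPS = 20   # vendor's per-connection logging limit quoted in the post
FLOOD_PPS = 680    # rate the poster's home Linux box could log

# Constructed sample traffic (documentation addresses, not real hosts).
FLOOD = ("198.51.100.7", 9)
PROBES = [("203.0.113.5", p) for p in (22, 23, 80, 443, 3389)]

def one_second(flood_pps=FLOOD_PPS, probes=PROBES):
    """Return one second of packets with the probes spread evenly through the flood."""
    packets = [FLOOD] * flood_pps
    step = len(packets) // (len(probes) + 1)
    for i, probe in enumerate(probes, start=1):
        packets.insert(i * step, probe)
    return packets

def per_packet_log(packets, cap=LOG_CAP_PPS):
    """One log record per packet; everything past the cap in this second is dropped."""
    return packets[:cap]

def aggregated_log(packets, cap=LOG_CAP_PPS):
    """One record per distinct (source, dest port) with a packet count, same cap."""
    counts = Counter(packets)  # keeps first-seen order
    return list(counts.items())[:cap]

def probes_seen(records, probes=PROBES):
    """Count how many probe flows appear in a log, whichever record shape it uses."""
    keys = {r[0] if isinstance(r[0], tuple) else r for r in records}
    return sum(1 for p in probes if p in keys)

if __name__ == "__main__":
    traffic = one_second()
    for name, logger in (("per-packet", per_packet_log), ("aggregated", aggregated_log)):
        records = logger(traffic)
        print(f"{name}: {len(records)} records, "
              f"{probes_seen(records)}/{len(PROBES)} probe flows recorded")
```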
This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 13:26:37 PST