Firewall Wizards mailing list archives
Firewall Statefullness:
From: Nimesh Vakharia <nvakhari () mil sunysb edu>
Date: Thu, 21 Aug 2003 18:35:16 -0400 (EDT)
So what is the general consensus today on Statefulness. I am looknig at a few firewalls and each has its own unique features. The standard IP and port tuple, maintaing sequence number based on TCP window size. Some are using mechanism similar to SYN cookies (http://cr.yp.to) to protect themselves from state table overflow. Are there any other fancy features besides these to look for in a vendor: - On how they maintain state. - On how they protect the statetable from overflowing What are leading firewall vendors like netscreen/checkpoint doing? Nimesh. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewall Statefullness: Nimesh Vakharia (Aug 26)