Firewall Wizards mailing list archives
RE: firewall-wizards digest, Vol 1 #1077 - 2 msgs
From: "Jeff B" <bolesjb () yahoo com>
Date: Thu, 4 Sep 2003 18:39:07 -0700
Now a VPN firewall failing closed is an interesting idea. What if you had a VPN firewall which identified bandwidth used over time per client connection, and if it exceeded some maximum value, cranked down the allocated bandwidth? Can think of multiple internal points this would be useful in, in hindsight after the worm incidents of the last few weeks. I think LightSpeed System's Total Traffic Control can do this, and could probably be done with snort and some other tools, but would be interesting to do this with more mainstream devices.

--------------------------
Subject: Re: Re: [fw-wiz] Use of firewalls in networks of today (Was: Re: Setting up H323 IP telephony etc )
From: "Victoria of Borg" <vicofborg () myrealbox com>
To: firewall-wizards () honor icsalabs com
Date: Tue, 02 Sep 2003 20:55:12 -0500

[snip]
Exactly. And as we've all said before, a firewall is only so good. Take these worms that propagate over tcp/135. Any firewall worth its price blocks that one. Unless it is an internal firewall on a VPN/RAS network and the users need to get at their drives, of course. Then it's like so much tissue. Actually, in our case it was more like a fuse than anything; the ping-flood melted the firewall so bad it failed closed.
[snip]

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
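
The per-client accounting idea raised in the message above, as an added example that is not part of the original post and not the behaviour of any product it names: bytes are summed per client over a sliding window, and a client over the ceiling has its allocated rate cut until its usage falls back. The window length, ceiling, rates, release-at-half-ceiling rule and client addresses are all assumptions chosen for illustration; applying the returned rate to a real shaper is left to the device.

```python
from collections import defaultdict, deque

class ClientThrottle:
    """Sliding-window byte accounting per client; cuts the allocated rate on excess."""

    def __init__(self, window_s=60, max_bytes=50_000_000,
                 normal_bps=10_000_000, throttled_bps=128_000):
        # All four defaults are assumed values, not taken from the post.
        self.window_s, self.max_bytes = window_s, max_bytes
        self.normal_bps, self.throttled_bps = normal_bps, throttled_bps
        self.samples = defaultdict(deque)   # client -> (ts, nbytes) inside the window
        self.totals = defaultdict(int)      # client -> bytes inside the window
        self.throttled = set()

    def record(self, client, ts, nbytes):
        """Account one traffic sample and return the client's allocated rate."""
        q = self.samples[client]
        q.append((ts, nbytes))
        self.totals[client] += nbytes
        while q and q[0][0] <= ts - self.window_s:   # expire samples older than the window
            self.totals[client] -= q.popleft()[1]
        if self.totals[client] > self.max_bytes:
            self.throttled.add(client)
        elif self.totals[client] <= self.max_bytes // 2:
            # Release only at half the ceiling so a client near the limit does not flap.
            self.throttled.discard(client)
        return self.throttled_bps if client in self.throttled else self.normal_bps

def replay(records, throttle):
    """Feed (ts, client, nbytes) records; return each change of allocation seen."""
    changes, last = [], {}
    for ts, client, nbytes in records:
        bps = throttle.record(client, ts, nbytes)
        if last.get(client, throttle.normal_bps) != bps:
            changes.append((ts, client, bps))
        last[client] = bps
    return changes

# Constructed sample: 10.8.0.5 is an ordinary VPN client, 10.8.0.9 bursts like a scanning worm.
SAMPLE = [
    (0, "10.8.0.5", 1_000_000), (0, "10.8.0.9", 20_000_000),
    (1, "10.8.0.9", 20_000_000), (2, "10.8.0.9", 20_000_000),
    (30, "10.8.0.5", 1_000_000), (30, "10.8.0.9", 1_000),
    (61, "10.8.0.9", 1_000),
]

if __name__ == "__main__":
    for change in replay(SAMPLE, ClientThrottle()):
        print(change)
```
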