nanog mailing list archives
Re: I don't need no stinking firewall!
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 5 Jan 2010 21:33:00 +0000
On Jan 6, 2010, at 4:07 AM, Mark Foster wrote:
I'm interested by this assertion; surely Stateful Inspection is meant to facilitate the blocking of out-of-sequence packets, ones which aren't part of valid + recognised existing sessions - whilst of course allowing valid SYN session-starters, etc? So thus, there may still be some value in catching 'injected' packets which don't actually belong in a session... ?
Nope - the hosts handle this better on their own.
Some might argue that DoS is preferred to the other degrees of risk that many webservers hold... (trying not to point the finger in any one specific direction.)
Except that the firewalls don't mitigate any of the other degrees of risk, either. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
Current thread:
- I don't need no stinking firewall! Brian Johnson (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Simon Lockhart (Jan 05)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Jared Mauch (Jan 05)
- Re: I don't need no stinking firewall! Kevin Oberman (Jan 05)
- Re: I don't need no stinking firewall! Tony Finch (Jan 06)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Jonathan Lassoff (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- RE: I don't need no stinking firewall! George Bonser (Jan 05)
- Re: I don't need no stinking firewall! James Hess (Jan 05)
- Re: I don't need no stinking firewall! William Pitcock (Jan 06)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 06)