Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: I don't need no stinking firewall!

  • From: Dobbins, Roland
  • Date: Wed Jan 06 03:19:04 2010 
On Jan 6, 2010, at 2:47 PM, James Hess wrote:

> "Overflowing the state table"   then  becomes only  a  possible
> outcome  that has some acceptable  level of probability,   assuming
> that your  other protections have already failed...

Wrong.  The attacker just programmatically generates semantically-valid traffic which is indistinguishablle from real traffic, and crowds out the real traffic.

All those fancy timers and counters and what-not don't matter.

I've seen it done over and over again.  Why some folks seem to think this is theoretical or that I somehow haven't thought of something they think will prove to be a magic solution is really beyond me, heh.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.