[121027] in North American Network Operators' Group
Re: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (bill from home)
Fri Jan 8 09:03:00 2010
Date: Fri, 08 Jan 2010 09:02:12 -0500
From: bill from home <bill@kruchas.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
In-Reply-To: <20B7B3C0-434E-4A73-81F2-DCA7E3A790BD@arbor.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Roland,
I understand, but at the site we are protecting, at what point is
the bottleneck the connection speed, and at what point is the state
table the bottle neck.
It saves me the following uncomfortable conversation.
ME> Mr customer, remember that firewall you bought a couple of years ago
for $$$$.
Customer> Yes...
ME> We might better throw it out. And then you can pay me to harden your
hosts.
Or I could just re cable, and leave it turned on, they would never know
(just kidding).
And maybe there is no way to tell, but I feel I need to ask the question.
Thanks Bill Kruchas
Dobbins, Roland wrote:
> On Jan 8, 2010, at 8:22 PM, bill from home wrote:
>
>
>> Or as I suspect we are talking about a larger scale?
>>
>
> Even an attacker with relatively moderate resources can succeed simply by creating enough well-formed, programatically-generated traffic to 'crowd out' legitimate traffic.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>
> Injustice is relatively easy to bear; what stings is justice.
>
> -- H.L. Mencken
>
>
>
>
>
