[149561] in North American Network Operators' Group
Re: Firewalls in service provider environments
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Feb 8 10:02:28 2012
In-Reply-To: <62055779754543ae83e3c0fe4cdad677.squirrel@mail.mattreath.com>
Date: Wed, 8 Feb 2012 10:01:33 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Matthew Reath <matt@mattreath.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Feb 8, 2012 at 9:25 AM, Matthew Reath <matt@mattreath.com> wrote:
> Good point. Adding in an established entry, although may open you up for
> TCP/SYN sort of packets is a better trade off than affecting customer
> traffic.
'established' is explicitly NOT 'syn' ...
maybe you meant 'ack flood' ? (or rst flood? or .... but certainly not
syn flood)
