[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I don't need no stinking firewall!

Subject: I don't need no stinking firewall!
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Tue, 5 Jan 2010 21:33:00 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On Jan 6, 2010, at 4:07 AM, Mark Foster wrote:

> I'm interested by this assertion; surely Stateful Inspection is meant to 
> facilitate the blocking of out-of-sequence packets, ones which aren't part 
> of valid + recognised existing sessions - whilst of course allowing valid 
> SYN session-starters, etc?
> 
> So thus, there may still be some value in catching 'injected' packets 
> which don't actually belong in a session... ?

Nope - the hosts handle this better on their own.

> 
> Some might argue that DoS is preferred to the other degrees of risk that 
> many webservers hold... (trying not to point the finger in any one 
> specific direction.)

Except that the firewalls don't mitigate any of the other degrees of risk, either.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken

References:
- I don't need no stinking firewall!
  - From: bjohnson at drtel.com (Brian Johnson)
- I don't need no stinking firewall!
  - From: rdobbins at arbor.net (Dobbins, Roland)
- I don't need no stinking firewall!
  - From: blakjak at blakjak.net (Mark Foster)

Prev by Date: I don't need no stinking firewall!
Next by Date: Query regarding maintenance menu on Liebert PeX units
Previous by thread: I don't need no stinking firewall!
Next by thread: I don't need no stinking firewall!
Index(es):
- Date
- Thread