Dobbins, Roland wrote:
> On Feb 25, 2010, at 10:09 AM, Shane Alcock wrote:
>> The questions I have: Is that initial statement correct? Is there anyone out there who is using (or knows anyone who is using) a stateful firewall in such a fashion?
> It's utter nonsense, of course, as you rightly suspect.
> ;>
Thanks Roland. Thought-provoking information (that's timely for me).

Is protecting against vulnerabilities in the network stacks of the hosts a non-issue these days? In some scenarios I have a concern because the devices that need to be protected are appliance boxes, i.e. patches for the OS (while typically derived from Linux or Windows) typically lag.

So stateful firewalls or ALGs, assuming you build it big enough, merely force the attacker to be a little more intelligent and craft requests that are indistinguishable from legitimate requests. Since I'm not up to speed with what DDoS attacks consist of these days, do you have any good links to information, papers, presentations, etc., on what these attacks consist of? I'm particularly interested in what they're up to in terms of crafting legit requests. Are they primarily trying to flood links by downloading large files, or use resources by running scripts, etc.?

Questions to you and the list: One of the advantages of firewalls is they generally come with good management systems, i.e. the ability to manage ACLs without writing them by hand. Any thoughts with regards to the best practice, or state of the art, these days in terms of managing ACLs on routers? If I have servers that need to make outbound requests as well, any thoughts for how this is best managed, i.e. stateless inbound, stateful outbound?

Cheers
Kris
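As an added illustration (not from anyone in the thread), here is a small Python model of the two inbound policies Kris asks about: a stateless "established"-style ACL that matches only on the ACK/RST bits (loosely modelled on the IOS ACL keyword), and a stateful filter that admits an inbound packet only when it matches a connection the server itself opened. The addresses, ports and packets are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flag names, e.g. {"SYN"}, {"ACK"}, {"SYN", "ACK"}

SERVER = "192.0.2.10"  # constructed address (RFC 5737 documentation range)

def stateless_inbound_allowed(pkt: Packet) -> bool:
    """Stateless 'established'-style ACL: permit inbound TCP to the server
    when ACK or RST is set. Nothing is remembered between packets, so any
    packet that merely carries the right flag bits is accepted."""
    return pkt.dst == SERVER and bool(pkt.flags & {"ACK", "RST"})

class StatefulFilter:
    """Stateful outbound filter: an outbound packet from the server creates a
    connection entry; inbound packets are permitted only if they match one
    (the reverse 4-tuple)."""
    def __init__(self):
        self.table = set()

    def outbound(self, pkt: Packet) -> bool:
        if pkt.src != SERVER:
            return False
        self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound_allowed(self, pkt: Packet) -> bool:
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def demo():
    fw = StatefulFilter()
    # Server opens an outbound connection (e.g. fetching a patch over HTTPS).
    fw.outbound(Packet(SERVER, 40000, "198.51.100.5", 443, frozenset({"SYN"})))
    reply = Packet("198.51.100.5", 443, SERVER, 40000, frozenset({"SYN", "ACK"}))
    # Unsolicited packet from elsewhere that happens to carry the ACK bit.
    crafted = Packet("203.0.113.7", 5555, SERVER, 40000, frozenset({"ACK"}))
    # A brand-new inbound connection attempt.
    new_syn = Packet("203.0.113.7", 5555, SERVER, 22, frozenset({"SYN"}))
    # Each value is (stateless verdict, stateful verdict).
    return {
        "reply": (stateless_inbound_allowed(reply), fw.inbound_allowed(reply)),
        "crafted": (stateless_inbound_allowed(crafted), fw.inbound_allowed(crafted)),
        "new_syn": (stateless_inbound_allowed(new_syn), fw.inbound_allowed(new_syn)),
    }
```

Only the stateful filter rejects the "crafted" packet: the stateless rule has no memory of which connections the server actually opened, which is the trade-off behind the stateless-inbound, stateful-outbound question.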