Michael Leone on Wed, 27 Feb 2002 23:34:59 -0500



RE: [PLUG] fire wall question(s)


On Wed, 2002-02-27 at 13:08, Gleeson, Francis (HT-EX) wrote:
> 
> So I guess the main point would be that a firewall is tightly 
> integrated with the kernel and can therefore kill the packet
> much sooner than would happen otherwise. By the time a server 
> daemon gets the packet it has been all the way through the protocol
> stack.

Even so ... in a DOS scenario like we were discussing, you're hosed,
since all your bandwidth is consumed by incoming packets, regardless of
where in the stack your firewall kills the incoming packet. 

Killing it sooner might get you back some bandwidth, since you *might*
be able to keep up with the incoming flow. Or you might not.

-- 

Michael J. Leone                  Registered Linux user #201348 
<mailto:turgon@mike-leone.com>    ICQ: 50453890     AIM: MikeLeone

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
PGP public key:
<http://www.mike-leone.com/~turgon/turgon-public-key.gpg>
