On Jan 6, 2010, at 4:07 AM, Mark Foster wrote:

> I'm interested by this assertion; surely Stateful Inspection is meant to
> facilitate the blocking of out-of-sequence packets, ones which aren't part
> of valid + recognised existing sessions - whilst of course allowing valid
> SYN session-starters, etc?
>
> So thus, there may still be some value in catching 'injected' packets
> which don't actually belong in a session... ?

Nope - the hosts handle this better on their own.

> Some might argue that DoS is preferred to the other degrees of risk that
> many webservers hold... (trying not to point the finger in any one
> specific direction.)

Except that the firewalls don't mitigate any of the other degrees of risk, either.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken