On Jan 6, 2010, at 3:03 PM, William Pitcock wrote: > So, in fact, all incoming packets should > be considered unsolicited until proven otherwise.
Concur - it works this way, as well. At one extreme, completely pathological, at the other extreme, perfectly normal - just faux. ;> > It should be mentioned that DDoS mitigation gear in use on that network let > those packets through without even alerting us about it. This is where baselining and anomaly-detection can come into play, along with an understanding of valid/invalid states, if the system is designed correctly, heh. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
