"Paul D. Robertson" wrote:
>
> Right, but I was wondering if the [w2k] frag reassembly code is
> now threaded where it wasn't before.

Nah. I just think someone clued them in on having more than
100 reassembly slots being a good idea. That, and zapping old
reassemblies when the slots are full. That, and perhaps NOT
storing identical fragments in a linear lookup list.

(I'm not sure that that is what they did, but I can't think
of many other reasons why jolt2 worked the way it did
with ramping up CPU load logarithmically. The effects of a
low-bandwidth jolt2 were really interesting to watch.)

> Ah, but a firewall isn't just a L3/4 protection device, and clients
> aren't just L3/4 devices. The essence of "more secure" is "less
> places exposed to high risk."

I agree that a "firewall" (as in the "collection of systems" sense
of the word) is not just a L3/L4 "device". That would be why I
started talking about proxies and relays farther down ;)

> Yes, but the *important* point there is that with an ALG you can pick the
> BEST per-protocol gateway available. With an SPF, you're stuck with
> whatever protocol support the vendor chose (e.g. I could put Raptor's SMTP
> gateway on a Gauntlet, while you couldn't put Checkpoint's SMTP stuff on a
> PIX.)

Please note that I DO NOT consider grepping for strings in
unreassembled TCP packets "an ALG" or even "protocol support"
at all. TCP streams need to be reassembled before you can
use the data they transport.

Although, yes, some vendors extend the meaning of "stateful
inspection" into poking around in raw TCP packets, and this
is where (IMHO) things start approaching extreme suckiness.
(And I guess you agree.)

Hmm. This is getting real silly real fast. We keep arriving at
firewalling environments that invalidate the topic completely.
Maybe the topic should have been "proxy+stateful" so we can
all just sit around agreeing with each other and being all
nicey-nicey :P

I'll just stop the pain by not even trying to count points.
Your beer will be in the mail as soon as you tell me where
to send it :)

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

Ynlre 8 frphevgl fbyhgvbaf: uggc://yneg.onqs00q.bet
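
The three measures guessed at in the message above (a bounded slot table, evicting the oldest reassembly when it is full, and not queueing identical fragments) can be sketched as follows. This is an added example, not code from the original post or from any vendor's stack; every name in it (`frag_input`, `find_or_alloc`, `SLOTS`, the result enum) and the tiny table size are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS 4     /* constructed demo size; a real table is far larger and hashed */
#define UNITS 8192  /* 13-bit IPv4 fragment offset, counted in 8-byte units */
enum frag_result { FRAG_STORED, FRAG_DUPLICATE, FRAG_INVALID };

struct reasm {
    int used; uint64_t last_seen;                   /* logical clock for eviction */
    uint32_t src, dst; uint16_t id; uint8_t proto;  /* reassembly key */
    uint8_t seen[UNITS / 8];                        /* one bit per unit already held */
};
static struct reasm table[SLOTS];
static uint64_t now;
unsigned evictions;

static struct reasm *find_or_alloc(uint32_t src, uint32_t dst, uint16_t id, uint8_t proto)
{
    struct reasm *victim = &table[0];
    for (int i = 0; i < SLOTS; i++) {
        struct reasm *r = &table[i];
        if (r->used && r->src == src && r->dst == dst && r->id == id && r->proto == proto)
            return r;
        if (victim->used && (!r->used || r->last_seen < victim->last_seen))
            victim = r;          /* prefer a free slot, else the least recently touched */
    }
    if (victim->used) evictions++;   /* table full: zap the oldest reassembly */
    memset(victim, 0, sizeof *victim);
    victim->used = 1; victim->src = src; victim->dst = dst;
    victim->id = id; victim->proto = proto;
    return victim;
}

enum frag_result frag_input(uint32_t src, uint32_t dst, uint16_t id, uint8_t proto,
                            uint16_t off, uint16_t len_units)
{
    if (len_units == 0 || (uint32_t)off + len_units > UNITS)
        return FRAG_INVALID;         /* rejected before it can claim a slot */
    struct reasm *r = find_or_alloc(src, dst, id, proto);
    r->last_seen = ++now;
    int fresh = 0;
    for (uint32_t u = off; u < (uint32_t)off + len_units; u++) {
        if (!(r->seen[u / 8] & (1u << (u % 8)))) fresh = 1;
        r->seen[u / 8] |= (uint8_t)(1u << (u % 8));
    }
    return fresh ? FRAG_STORED : FRAG_DUPLICATE;  /* duplicate: nothing gets queued */
}

int main(void) { frag_input(1, 2, 7, 17, 0, 2); return frag_input(1, 2, 7, 17, 0, 2) != FRAG_DUPLICATE; }
```

With the bitmap, the work per fragment depends on the fragment's own length, not on how many copies of it arrived earlier, and memory stays fixed at `SLOTS` entries however many datagrams are started.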
