* Tony Sarendal <[EMAIL PROTECTED]> [2007-10-22 18:33]:
> I didn't get that opinion from marketing.
> No matter, we disagree, let's leave it at that.

well, yeah, nonetheless, I wanna point out the essence why stateful is 
better (the way we do it in OpenBSD):

1) it moves the limit where the box starts to suffer from overload quite 
   far, or, in other words, the box can handle a much larger amount of 
   traffic before it starts to drop stuff. thus it can withstand bigger 
   amounts of (D)DoS too.
2) once it gets to that point, it is more selective in dropping packets 
   than a stateless box, as it prefers established connections. this 
   behaviour cannot be valued enough in (D)DoS type of situations.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
