On Jan 6, 2010, at 2:47 PM, James Hess wrote: > "Overflowing the state table" then becomes only a possible > outcome that has some acceptable level of probability, assuming > that your other protections have already failed...
Wrong. The attacker just programmatically generates semantically-valid traffic which is indistinguishablle from real traffic, and crowds out the real traffic. All those fancy timers and counters and what-not don't matter. I've seen it done over and over again. Why some folks seem to think this is theoretical or that I somehow haven't thought of something they think will prove to be a magic solution is really beyond me, heh. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
