Hi All, Today we create a connection tracking entry for every new packet that we see, whether valid, invalid or even for one that will be dropped in future by filter.
Is there an advantage in this design approach? Does it make sense not to create these entries so that an intruder is not able to bog down the system by just sending new connections which may not be allowed altogether but end up causing new resources to be allocated. Could someone enlighten me please? Regards __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/