From: rick.jones2@hp.com   
      
   Char Jackson wrote:   
   > I'm not sure I see any easy way to separate the two, or even whether   
   > it's beneficial to separate the two. Do you propose setting a limit,   
   > whether arbitrary or adaptive, on the number of SYN packets you'd   
   > allow through, and any beyond that limit would be dropped? If so,   
   > that might help with this specific DOS attack, but a distributed   
   > attack would be allowed through. I'm not trying to be argumentative,   
   > I'm just trying to see more sides of this and expand my knowledge.   
      
   I _generally_ view standalone firewalls as a sad admission that   
   end-system designers (OS and App developers) and administrators cannot   
   get their act together. As such, I hold them in only slightly higher   
   esteem than NATs. A curmudgeonly old-school point of view perhaps,   
   but then I keep thinking of one of the chapter quotes from The   
   Mythical Man-Month:   
      
    Adde parvum parvo magnus acervus erit - Ovid   
    Add little to little and there will be a big pile.   
      
   rick jones   
   --   
   portable adj, code that compiles under more than one compiler   
   these opinions are mine, all mine; HP might not want them anyway... :)   
   feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...   
      