From: none@none.invalid   
      
   On Fri, 6 Nov 2009 17:57:48 +0000 (UTC), Rick Jones   
    wrote:   
      
   >Char Jackson  wrote:   
   >> I'm not sure I see any easy way to separate the two, or even whether   
   >> it's beneficial to separate the two. Do you propose setting a limit,   
   >> whether arbitrary or adaptive, on the number of SYN packets you'd   
   >> allow through, and any beyond that limit would be dropped? If so,   
   >> that might help with this specific DOS attack, but a distributed   
   >> attack would be allowed through. I'm not trying to be argumentative,   
   >> I'm just trying to see more sides of this and expand my knowledge.   
   >   
   >I _generally_ view standalone firewalls as a sad admission that   
   >end-system designers (OS and App developers) and administrators cannot   
   >get their act together.  As such, I hold them in only slightly higher   
   >esteem than NATs.  A curmudgeonly old-school point of view perhaps,   
   >but then I keep thinking of one of the chapter quotes from The   
   >Mythical Man-Month:   
   >   
   >  Adde parvum parvo magnus acervus erit - Ovid   
   >  Add little to little and there will be a big pile.   
   >   
   >rick jones   
      
   I see your side, thanks.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)