firewall logging pps limits

From: krisk@kbeta.com
Date: Sun Feb 16 2003 - 11:51:17 EST


I'm currently tasked with providing some comparisons of firewall logging
capabilities to justify our "stringent" requirements to a new firewall
vendor (unnamed to protect the lame).

Their current limit is ~20 pps (packets per second) per virtual
connection. I find this totally inadequate since even my underpowered
little Linux box at home can log ~680 pps (tested with a simple UDP flood,
49-byte payload). I've done quite a bit of Googling and haven't found
much publicized info on this. If anyone has some comparisons or is
willing to flood their firewall (UDP or other) and provide me some
counts of their logging capabilities, it would be great. I'll eventually
be compiling a large comparison paper and will happily post the results.

It seems that many networks may be vulnerable to attack by combining a
simple flood to fill the logs, then happily hacking away undetected.
Yes, I know the concept is not new, but I am amazed at how limited some
of the new, big, centralized (and "better"?) virtual devices are when it
comes to simple security and auditing requirements.

Replies to the list or individually are appreciated!
Kis
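A defender-side way to quantify the gap the post describes, as an added example (not part of the original message or any vendor's tooling): parse syslog-style firewall log lines, count how many events actually reach the log per second, flag seconds pinned at the logger's per-second cap, and compute the fraction of events lost when offered traffic exceeds that cap. The line format, hostname and addresses are constructed sample data.

```python
"""Measure logged firewall events per second and spot a saturated logger.

A logger that sits at its per-second cap while traffic keeps arriving is
silently discarding everything above the cap; those seconds are the blind
spot that a flood-then-attack sequence relies on.
"""
import re
from collections import Counter

# Constructed netfilter/syslog-style line: "Mon DD HH:MM:SS host kernel: ... PROTO=UDP ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}) \S+ kernel: .*PROTO=(?P<proto>\w+)"
)


def per_second_counts(lines):
    """Map each one-second timestamp to the number of events that were logged."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m.group("ts")] += 1
    return counts


def saturated_seconds(counts, cap):
    """Seconds in which the logger reached its cap; anything above the cap
    in those seconds was never written, so the count is a floor, not a total."""
    return sorted(ts for ts, n in counts.items() if n >= cap)


def drop_fraction(offered_pps, cap):
    """Fraction of events lost when offered_pps arrives at a logger capped at cap."""
    if offered_pps <= cap:
        return 0.0
    return 1.0 - cap / offered_pps


def constructed_log(cap, quiet=3, burst=3, baseline=3):
    """Constructed sample log: `quiet` seconds at a low baseline rate, then
    `burst` seconds in which a flood pins the logger at `cap` lines/second."""
    lines = []
    for s in range(quiet + burst):
        n = baseline if s < quiet else cap
        for i in range(n):
            lines.append(
                f"Feb 16 11:51:{s:02d} fw kernel: DROP IN=eth0 OUT= "
                f"SRC=192.0.2.{i % 250 + 1} DST=198.51.100.5 PROTO=UDP SPT=40000 DPT=53 LEN=77"
            )
    return lines


if __name__ == "__main__":
    counts = per_second_counts(constructed_log(cap=20))
    print("saturated seconds:", saturated_seconds(counts, 20))
    print(f"loss at 680 pps offered vs 20 pps cap: {drop_fraction(680, 20):.1%}")
```

Against real logs, feed the lines from your own collector and set `cap` to the vendor's stated per-connection limit; a run of saturated seconds is the cue to cross-check against flow records or packet counters rather than trusting the log as complete.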



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:28 EDT