Re: Question - Advice needed.

Granted and valid point.

Let me expand:

Line rate symmetrical performance
10 Mbps firewall and IPSec 3DES VPN throughput
Supports 2,000 concurrent sessions (which may be a problem)
Can establish 960 new sessions per second
Offers 10 VPN tunnels (Which I would use to remotely maintain server)
Supports 100 custom policies
NAT, Route, and Transparent modes of operation
Asset Recovery feature
Web, serial, ssh, and telnet interface
And, as noted in previous e-mail, standard protection against age-old exploits.

On 4/20/05, Paris E. Stone <pstone@alhurra.com> wrote:
> Tear drop attack protection?  Cert advisory from 1997.
>
> SYN flood protection?  Cert advisory from 1996.
>
> Ping-of-Death protection?  Cert advisory from 1996.
>
> LAND attack protection?  Also old, but of course M$'s newest OSes are
> still vulnerable.
>
> Almost all modern TCP/IP stacks from all vendors are no longer
> susceptible to these type of attacks.
>
> Therefore I see little benefit, and no real reason to 'sell-up' the
> product based on it protecting from those type of attacks.
>
> Yes, it is a great firewall, but for a lot of other reasons.  Almost all
> firewalls now protect from vulnerabilities that are almost 9 years old.
>
> ~~~~~
> Paris E. Stone, "Linux Zealot"
> CISSP, CCNP, CNE, MCSE
> ~~~~~
> The only thing necessary for the triumph of evil,
> is for good men to do nothing.
> - Edmund Burke
>
> -----Original Message-----
> From: Mark Owen [mailto:mr.markowen@gmail.com]
> Sent: Monday, April 18, 2005 7:48 PM
> Cc: firewalls@securityfocus.com
> Subject: Re: Question - Advice needed.
>
> I highly recommend the Netscreen 5XP.  It supports tear-drop attack
> protection, SYN flood protection, Ping-of-Death protection, Land
> attacks, and more.  We recently outgrew it but it was a great
> firewall.
>
> http://www.juniper.net/customers/support/products/netscreen5xp.jsp
>
> On 4/16/05, Andrew Rogers <andrew.rogers@optusnet.com.au> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello All,
> >
> > Situation: One webserver - Estimated hits p/w 100k+ HDSL connection to
> > the outside.
> >
> > The question is. What is the best Firewall to use? Can a firewall be
> > stuck _on_ the server? what are your suggestions?
> >
> > The most important thing is the ability to remotely manage (ie. From
> > another country)
> >
> > Please help - More info can be provided if required.
> >
> > - -andrew
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.5 (MingW32)
> > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> >
> > iD8DBQFCYNiKHrvPMNIBbzMRAgKmAKCXQoQBHOwSCQ4m/DCGLHc+6BKLOQCfYzOj
> > aYwxBzvIKW345UfLCEwd4KY=
> > =aTFs
> > -----END PGP SIGNATURE-----
> ------------------------------------------------------------------------
> --
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks from
> > CORE IMPACT.
> > Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> > to learn more.
> ------------------------------------------------------------------------
> --
> >
>
> --
> Mark Owen
>
> ------------------------------------------------------------------------
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>
> to learn more.
> ------------------------------------------------------------------------
> --


-- 
Mark Owen

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------