Paul Johnson <baloo@ursine.dyndns.org> [2002-12-08 07:29:19 -0800]: > Well, they fall over pretty easily when hit with a DDOS, *ANYTHING* falls over pretty easily when hit with DDOS. There is no real defense against it at this time. > and it's not hard to get the equivilent of root on them. Any details? (Otherwise I will ignore this as FUD.) > They don't have stateful firewalling. Newer ones do. Anything that does NAT needs stateful firewalling. Most do NAT today. (Now we can debate the definition of stateful.) > About the only thing they're advertised as doing that they actually > do is NAT. NAT is not to be relied apon for security. I strongly disagree. Anything that does NAT makes an acceptable firewall for most consumer purposes. What specifically do you find vulnerable about a NAT based firewall? Please don't keep security vulnerabilities to yourself. Security through obscurity is neither. The best security comes through open debate. If you have found a vulnerability that others have missed then please share it. Bob
Attachment:
pgp76zrVx5YfV.pgp
Description: PGP signature