On FreeBSD based appliances (like Nokia) this will not happen, as the TCP receive queue is a circular buffer (to solve this problem). The next connection replaces the oldest half open connection. Cannot comment on Solaris, but I know that the first patch years ago only increased the size of the receive queue.
Jeff LaCoursiere Infrastructure Specialist T-Motion -----Original Message----- From: Randy Johnson [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 24, 2002 6:01 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] tcp session timeout It might be possible for a bad guy to run a DOS against your firewall by (half)opening many connections to the firewall, and filling the connection table. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Yim Lee Sent: Thursday, January 24, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: [FW-1] tcp session timeout What is the security risk to setting tcp session timeout to 8 hours? Currently, I have it set at 1 hour. Yim __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
