On Thu, 17 Aug 2000, Barry W. Kokotailo wrote:
> My opinion on that is that the state table has a limited number of connections.
> If CP allowed any tcp connection to stay resident in the state table for a long
> period of time, eventually, memory would be exhausted and no further
> connections would be possible to the firewall.
>
> Thinking on this line, it probably is possible to max out the state table,
> and place the site in a DoS state.
>
> Comments from the group of Checkpoint?
Absolutely correct, excellent deduction. In fact, your theory was proven
over a year ago :)
http://www.securityfocus.com/vdb/bottom.html?vid=549
lance
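
The reasoning in the thread above can be checked with a small model, added here as an illustration and not taken from the original posts or from Check Point's code. It is a generic fixed-size connection table with an idle timeout; the capacity, timeouts and connection rate are constructed values chosen only to show how residency time drives occupancy.

```python
from collections import OrderedDict


class StateTable:
    """Generic fixed-capacity connection table with an idle timeout (a model only)."""

    def __init__(self, capacity, idle_timeout):
        self.capacity = capacity
        self.idle_timeout = idle_timeout
        self.entries = OrderedDict()  # conn id -> last-seen time, oldest first
        self.refused = 0

    def expire(self, now):
        # Drop entries that have been idle for at least idle_timeout seconds.
        while self.entries:
            conn, seen = next(iter(self.entries.items()))
            if now - seen < self.idle_timeout:
                break
            del self.entries[conn]

    def track(self, conn, now):
        """Record a packet for conn; return False when the table is full."""
        self.expire(now)
        if conn in self.entries:
            self.entries[conn] = now
            self.entries.move_to_end(conn)
            return True
        if len(self.entries) >= self.capacity:
            self.refused += 1
            return False
        self.entries[conn] = now
        return True


def simulate(capacity, idle_timeout, new_per_sec, seconds):
    """Feed new_per_sec connections per second that send one packet, then go silent."""
    table = StateTable(capacity, idle_timeout)
    peak = 0
    for t in range(seconds):
        for i in range(new_per_sec):
            table.track((t, i), now=t)
        peak = max(peak, len(table.entries))
    return peak, table.refused


if __name__ == "__main__":
    # Constructed workload: 1000-entry table, 10 new idle connections/s, 10 minutes.
    for timeout in (3600, 60):
        peak, refused = simulate(1000, timeout, 10, 600)
        print(f"idle_timeout={timeout}s peak={peak} refused={refused}")
```

Steady-state occupancy is roughly the arrival rate multiplied by the residency time, so for capacity planning the timeout and the table size have to be chosen together.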