Quote:
Originally posted by p00p
There might be some script kiddies reading this who will be quite willing to prove that $100k firewall is worth squat.
Yup, and apart from the fact that a DDoS is usually traffic just like
legit users watching your pages... it's just WAY too much traffic
if 100 servers are requesting pages on 1, 2, 3 servers at full
speed... it's needless to say that those servers will go down just
as a $100K firewall would, especially if the IPs that are being used
are not spoofed/forged.
Servers still run with a 100Mbps network card, so as long as the
amount of requests is higher than the capacity 1 or multiple servers
can handle, you'll always win. And that's even BEFORE a
firewall can read/verify if packets should be accepted or dropped.
Sticking in a 1Gbps Ethernet wouldn't solve that either. I would like
to see a firewall that can handle verifying 1Gbps of packets in
real time. Especially if the packets are small request packets.
Unless you are able to slow down/break up the DDoS, you're
fucked simply due to the volume and amount of different source
addresses a good DDoS creates.
DynaMite
