On Fri, 08 Jan 2010 08:22:00 EST, bill from home said:
My question is at what size connection does a state table become vulnerable, are we talking 1mb dsl's with a soho firewall?
Security - you're doing it wrong. ;) The question you *should* be asking yourself is "at what size connection am I enough of a network presence that I might attract attention from somebody who might want to attack me?" And that depends more on the *type* of presence than the size of the pipe. If you're a small electrical-components design firm that nobody's heard of, the size of your state table is probably moot. One of your users just drew the attention of some random 4chan /b/tard, the size of the state table is again probably moot. ;) But to answer your question - it's so absurdly easy for a competent(*) attacker to saturate any edge connection smaller than a gigabit or so, that 'state table exhaustion' is only *really* an issue if you have a 10G or bigger pipe. (*) There is of course the case of an incompetent attacker who only has a botnet of a few hundred machines, attacking a small pipe. At that point, it's probably a crap shoot - if your firewall falls over, you've been DDoS'ed. But if it doesn't fall over, you'll probably *still* be DDoS'ed because the machines you're protecting fall over...