On Jan 6, 2010, at 3:03 PM, William Pitcock wrote:
So, in fact, all incoming packets should be considered unsolicited until proven otherwise.
Concur - it works this way, as well. At one extreme, completely pathological, at the other extreme, perfectly normal - just faux. ;>
It should be mentioned that DDoS mitigation gear in use on that network let those packets through without even alerting us about it.
This is where baselining and anomaly-detection can come into play, along with an understanding of valid/invalid states, if the system is designed correctly, heh. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken