pfSensei

Nan-in, a Japanese master received a university professor who came to inquire about denial of service attacks.

Nan-in served tea. He poured his visitor’s cup full, and then kept on pouring.

The professor watched the overflow until he no longer could restrain himself. “It is overfull. No more will go in!”

“Like this cup,” Nan-in said, “your WAN is full of inbound traffic. How can the firewall stop an attack that has already consumed your bandwidth?”

∞

management open
weak unchanged password, oh shit
unemployment sucks

asymmetrical
routing stateful filtering
blocked packets fill logs

What is the sound of one packet routing?