I don't need no stinking firewall!

George Bonser gbonser at seven.com
Mon Jan 11 05:56:14 UTC 2010


> > And I don't believe anyone is necessarily advocating exposing
> > individual servers directly to the internet either.
> 
> Actually, some of us are.

That can be difficult to do when you have maybe 300 or 400 servers that
handle one service.  Let's say you have a site called www.foobar.com and
you have several hundred servers on the front end that handle that
domain.  You aren't going to put several hundred A records in DNS; at
least I hope you aren't.  One would probably have a load balancer of
some sort in front of those machines.  That is the device that would be
fielding any DoS.


> > There are other devices that
> > can handle isolation of the servers and protect them against such
> > things as syn floods.
> 
> What is the point of that when the servers can do it themselves?

I have a feeling you are talking about relatively small amounts of
traffic.  





