Originally posted here by chsh


Actually, I'm not, you know who it was, because I always append my handle... I told you to figure out WTF you were talking about, and THEN dispense advice.

Please make a little bit of an effort to understand what you're discussing before you attempt to dispense advice that may or may not be correct.

Would you suggest that I get a hardware firewall to replace my machine's 'software' firewall?
Actually, there was no handle appended to the - AP.. But I really don't care much about those anyways. Plus the original thread was deleted so I never saw any comment you made. And yes, I would recommend that you replace your software firewall with a hardware firewall in the context of the tutorial that I was commenting on.

I do not think there is really a need to make the differentation that you are making such a big deal about because this thread was specifically a tutorial about the shortcomings of personnal firewalls because of CPU exhaustion. So, make the connection and realize that we are talking about inbound traffic. My post by itself could be misleading, but it was not a post by itself, it was a post in a thread of messages.

Perhaps you are the one that is dispensing advice without understanding. Just to recap it for you, here is why I made my recommendation.

Software firewalls(pertaining to personal firewalls), such as the WinXP builtin firewall or the others by Symantec, Norton, can cause CPU spikes and general system slow downs under DoS and DDoS attacks. So, if you have your machine connected to the internet and kiddiot #1 decides to DDoS you. You are affected by the attack because your firewall is using up CPU cycles to reject all of it.

Now, if you are using something along the lines of a linksys or other inexpensive NAT router/firewall, you do not have the CPU exhaustion problem caused by a DDoS attack. However, your connection could be so overloaded that you cannot get to anything on the net.

I was in no way, what so ever trying to make comparisions about products such as packateer, ISA, or other proxy/firewall products.