Subject: Re: SYN cookie ?
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 04/17/2001 09:25:59

> I know there are plenty of reasons that you may not want to run
> NetBSD on that particular web server, but why is its OS not properly
> protecting it from SYN floods?

Does it matter?

> Is this really the kind of thing we need to (further) bog a stateful
> firewall down with?

This is *exactly* what firewalls are for: to protect `inside' machines
from having their vulnerabilities exploited.

Indeed, it's why I generally don't like firewalls: they amount to
saying "yes, I know there's this vulnerability, but rather than fix it
I'd rather just try to paper over it".

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B