[nycbug-talk] OpenBSD pf "bakeoff"

Josh Rivel josh at rivels.org
Fri Jun 15 10:14:58 EDT 2012


On Fri, Jun 15, 2012 at 9:54 AM, Justin Dearing <zippy1981 at gmail.com> wrote:
> What is the objective of "winning"? Is he just going to throw a pen test at
> it? Do you get multiple runs of this pentest? Is there an attempt to
> overwhelm the firewall with legitimate traffic to measure maximum load?

Sorry, I should have clarified.
We don't have a firm test plan in place, but it will be to use some
sort of traffic-generating device (Ixia/SmartBits/etc.) to see how the
various firewalls handle the load being thrown at them, packets per
second, number of connections, bandwidth, etc.

The initial test will be done using 1gb fiber interfaces, but in
production we have lots of firewalls with 10gb connections.

And yes, we can run the test as many times as we want (within reason).
 I will be doing the testing myself.

It's not a pentest as in a "let's see who can break into the firewall"
type of thing.

