On 8/3/07, Atkins, Dwane P <ATKINSD at uthscsa dot edu> wrote:
> I actually have about 200 students on our m0n0wall between like 11 AM to
> 1 PM. Md0c hot 100 %. When you are referring to states, you are talking
> about all entries combined. I mean, the firewall state, the DHCP
> address, etc.?
No, we're talking about firewall states. Each open connection
maintains a state. One SSH session to an outside server is one state.
Loading a typical web page can be 10-30 states (one connection for the
page itself and one per image), though those should close quickly and
hence tend to not have much effect. A P2P application that is
communicating with multiple sessions to hundreds of hosts can take
thousands of states at any given time. A single worm-infected host
spewing crap onto the Internet can easily exhaust the state table
because they leave states hanging waiting for replies from scanned
hosts that aren't alive or are firewalled.
200 users, as long as they aren't all using P2P and there aren't any
worm-infected hosts, isn't going to exhaust a 30,000 state table with
your typical web browsing, email, etc.
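The reply above makes the point that what fills a state table is not the user count but how many states are created and how long each one lingers: short-lived web states come and go, while a scanning host leaves half-open states waiting for replies that never arrive. The simulation below is an added example, not part of this thread or of m0n0wall; it models a 30,000-entry table with constructed numbers (200 legitimate users opening about one state per second each that closes after 15 seconds, and one scanning host at 500 probes per second whose unanswered states linger for 90 seconds). The timeouts and rates are assumptions chosen to illustrate the mechanism, not the firewall's actual defaults.

```python
"""Model firewall state-table occupancy under normal and scanning load.

Added example (not from the mailing-list thread). The table is a fixed-size
pool; a state occupies one slot from creation until its timeout expires.
Within each one-second tick the scanner's states are admitted first, which
is the worst case for legitimate users once the table is full.
"""
from collections import deque


def simulate(capacity, seconds, legit_rate, legit_lifetime,
             scan_rate, scan_lifetime, scan_start):
    """Run a tick-per-second simulation and report occupancy and drops.

    legit_rate / scan_rate are states created per second; *_lifetime is how
    many seconds each state lingers before the firewall expires it.
    Returns a dict with peak occupancy, the first tick at which any new
    state was refused, and per-class totals of refused states.
    """
    legit = deque()  # (expiry_tick, count), appended in increasing expiry order
    scan = deque()
    occupancy = 0
    peak = 0
    exhausted_at = None
    legit_dropped = 0
    scan_dropped = 0

    def expire(queue, now):
        """Remove every batch whose timeout has elapsed; return slots freed."""
        freed = 0
        while queue and queue[0][0] <= now:
            freed += queue.popleft()[1]
        return freed

    def admit(queue, now, wanted, lifetime):
        """Admit as many new states as fit; return how many were refused."""
        nonlocal occupancy
        accepted = min(wanted, capacity - occupancy)
        if accepted > 0:
            queue.append((now + lifetime, accepted))
            occupancy += accepted
        return wanted - accepted

    for now in range(seconds):
        occupancy -= expire(legit, now) + expire(scan, now)
        if scan_rate and now >= scan_start:
            refused = admit(scan, now, scan_rate, scan_lifetime)
            scan_dropped += refused
            if refused and exhausted_at is None:
                exhausted_at = now
        refused = admit(legit, now, legit_rate, legit_lifetime)
        legit_dropped += refused
        if refused and exhausted_at is None:
            exhausted_at = now
        peak = max(peak, occupancy)

    return {
        "peak": peak,
        "exhausted_at": exhausted_at,
        "legit_dropped": legit_dropped,
        "scan_dropped": scan_dropped,
    }


def baseline():
    """200 users, ~1 new state/s each, 15 s lifetime, no scanner (constructed)."""
    return simulate(capacity=30000, seconds=200, legit_rate=200, legit_lifetime=15,
                    scan_rate=0, scan_lifetime=0, scan_start=0)


def with_scanner():
    """Same users plus one host probing 500 hosts/s with 90 s hanging states."""
    return simulate(capacity=30000, seconds=200, legit_rate=200, legit_lifetime=15,
                    scan_rate=500, scan_lifetime=90, scan_start=60)


if __name__ == "__main__":
    print("baseline:", baseline())
    print("scanner: ", with_scanner())
```

Steady-state occupancy for a class is simply rate multiplied by lifetime: the 200 users settle at about 3,000 states, whereas the single scanner alone would want 45,000 slots and fills the table within a minute of starting, after which every new legitimate connection is refused until the scanner's states time out. The same model applies to the P2P case in the reply: fewer hosts, but many long-lived sessions each.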