On 11/29/07, Marcus J. Ranum wrote:
> I have no idea if the product is any good or not but using a
> network processor to do layer-7 stuff is not exactly rocket
> science!

No comment on the rest of this message, but as someone who has had the
unique, uh, "privilege" of writing significant code on an NPU (the
IXP2400), I find this particular assertion amusing. In pure CS terms,
"doing layer 7 stuff" comes pretty close to rocket science. Read
Varghese, and remember that without actual algorithms, you crash into
the speed of SRAM. Even on a fancy multicore whizz-bang NPU.

I will do you the favor of "truing up" your quip:

"I have no idea if the product is any good or not, but using an FPGA
regexer to do simple string matches at layer-7 is not exactly rocket

Too true, too true.

Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
firewall-wizards mailing list