"Stateful firewalls are likely to fail under a DDOS attack because they keep track of connection requests until the table is full."

Is there a firewall that initiates an SPI entry from the outside to the inside (besides CBAC of course)? What would be the point of such a firewall?

STATEFUL firewalls are the problem. It makes no sense to put stateful firewalls in front of server farms. Any mechanism that tracks state is a DDoS intensifier. If you're running services on ports 80 and 443, put stateless ACLs on the edge routers, running in hardware, that are capable of line rate. That protects you against traffic on inappropriate ports without creating a stateful DDoS vector. If you need to mitigate application-layer attacks, do it on the servers with something like mod_security. That way you can distribute the attack across the server farm instead of running a stateful choke point that risks bringing your whole site down.

Or just configure the STATEFUL firewall correctly to be in front of a web server and you achieve the same.

A misconfigured STATEFUL firewall is still just a misconfigured firewall.

"I pull my foot from the gas and it doesn't touch the pedal again until the rude bastard loses his patience and goes away."

This is unsafe and what I was responding to. This action is *just* as unsafe as the tailgater.
Slowing down to drive defensively is well and good, however the above quoted action is not "driving defensively."
I suggest slowing down to no more than 5 Mph slower than the flow of traffic, and move right at the first chance.

Bottom line, if you are not a cop, quit trying to enforce the law. That is not your call to make.

Sorry for the big words there bubba.

Are you a law enforcement officer that has been trained as to what is and is not "exceeding the speed limit"? Please stay off the road. You are an accident waiting to happen. Personally, I just move over, since I don't wish to contribute to someone's road rage and get a bullet to the head.

Holy shit! We have found the Flying Spaghetti Monster!