Re: Arrowpoint CS-100 atack

["Duquette, John" <john.duquette () EDS COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is not accurate.

I will quote from f5's web site on this:

"Can reap idle connections (thwarts Denial of Service attacks)
Can perform source route tracing (thwarts IP spoofing)
Resists unacknowledged SYN without ACK buffers (thwarts SYN floods)"

John

> The arrowpoints are great in the fact that they help to
> prevent SYN,Illegal Src attacks, etc. Since unlike most
> loadbalacners, which will blindly loadbalance any attack(BigIP)
> or use some kind of Counters(Alteons), During a regular TCP
> handshake the Arrowpoint intercept the packet destin for
> loadbalanced machines, spoof the connection and sends a SYN ACK
> back to the source if the source does not answer back the
> connection is drop.
> This all takes
> alot of CPU, and if the attack is great it will overwelm the CPU as
> is in the case of what is happening to you right now.. YOU dont
> want to turn this feature off, you have more other important
> issue's to worry about here, since turning off these features the
> attack will be passed on to your machines, which will be hammered.
> You have some choices here, get a higher end arrowpoint.. CS-150??
> If the load of traffic + attack will be too great for the 150, go
> 800, these are modular and can be very expensive but worth all the
> money. Since its modular it can grow as your network grows..

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOey9hNwfv0dRtjgLEQLLrQCfQvFifG3MpJEfih5Aomekay/P8r8An1fv
/42H6UKiPXsmVPwHS0jFJOO8
=a1Nf
-----END PGP SIGNATURE-----