nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re[2]: SYN floods (was: does history repeat itself?)

From: "Alec H. Peterson" <chuckie () panix com>
Date: Tue, 10 Sep 1996 14:12:41 -0400 (EDT)
Alexis Rosen writes:


Also true. As I said before, I don't know about the Ascends, but I do know
that the Xylogics boxes we use have the capability but probably not the
capacity. When all ports are connected at 28.8, CPU usage can hover in
the high 80% range. Adding filters would probably be a bad idea.


Yes, packet filters would certainly be a Bad Idea[tm].



That's why I was talking about filtering at a router just upstream from
the dial-access box.

FWIW, even with a thousand very busy modems, I'm pretty sure that even a
small cisco is up to the job. They just don't generate all that much traffic.


Could be, although I'd want to see this before I bet the farm on it.
I'm not sure how efficient crisco's filtering algorithm is...

Alec

-- 
+------------------------------------+--------------------------------------+
|Alec Peterson - chuckie () panix com   | Panix Public Access Internet and UNIX|
|Network Administrator/Architect     | New York City, NY                    |
+------------------------------------+--------------------------------------+
- - - - - - - - - - - - - - - - -
Previous By Date Next
Previous By Thread Next

Current thread: