nanog mailing list archives
Re: Real world Anti-DDOS attack practice.
From: Clayton Fiske <clay () bloomcounty org>
Date: Fri, 23 Mar 2001 11:08:03 -0800
On Fri, Mar 23, 2001 at 05:25:22AM -0800, mdevney () teamsphere com wrote:
> Good suggestions all, but as a short-term solution access lists work. A Cisco 7500 with an access list 30 pages long (literally -- I printed it out once) works on an OC48. Not sure how that would stand up to a couple truly massive floods, but it works fine under normal traffic and the average flooding any ISP gets.

Yeah, but the challenge is getting an OC48 into a 7500. ;)

And frankly, I've -never- seen a significant[0] access list perform well on an RSP4 at even OC3 level. Then again, the last time I tried such a thing I wouldn't touch CEF with a 10-foot pole. Maybe it's better now.

-c

[0] significant = longer than about 5 lines, even with 'permit tcp estab' as the first line