Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DDOS Attack Mitigation

From: isplist () PINNACLE NET AU (John Edwards)
Date: Wed, 16 Feb 2000 10:41:57 +1030

Alan Brown wrote:


On Sun, 13 Feb 2000, Darren Reed wrote:


You know if anyone was of a mind to find someone at fault over this,
I'd start pointing the finger at ISP's who haven't been doing this
due to "performance reasons".


To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max
4000), they will collapse under the load.


I maintain a number of sites running the ACC/Ericsson Tigris access
servers, which have similar processing power to the 5300. These units
have ingress filtering enabled on dialup ports by default, requiring a
trivial amount of CPU utilization to do so. Ingress filtering is really
just another routing decision, something that these kinds of boxes are
made to do all day, every day.

John Edwards
Previous By Date Next
Previous By Thread Next

Current thread: