[23957] in North American Network Operators' Group
Re: Smurf tone down
daemon@ATHENA.MIT.EDU (alex@nac.net)
Sat May 1 12:18:04 1999
Date: Sat, 1 May 1999 12:16:43 -0400 (EDT)
From: alex@nac.net
To: Joe Shaw <jshaw@insync.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.SOL.4.10.9905010133570.5474-100000@vellocet.insync.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 1 May 1999, Joe Shaw wrote:
> After dealing with UUNet security regarding several smurf incidents I
> asked them this same question. Their response (and I'm sure it would be
> the same response of others) was that a lot of the routers on their
> network couldn't handle the load of using CEF-CAR to limit smurf attacks.
"the load" ?
The point of CAR is that is happens in the CEF path, with no/negligible (1
to 2%) additional load. Are UUNet's routers running that close to the
edge? I'd doubt it.
> I'm not sure how true that statement was since I'm not familiar with any
> part of UUNet's backbone equipment other than what I used to get my DS3
> from at Insync and now with my MAE Houston connection, but from what I've
> heard the backbones of a lot of NSP's aren't all made up of Cisco 12000's
> or even 7500's, and I'd guess a fair amount of the existing routers out
> there are borderline overloaded since it's next to impossible to get most
> backbone providers to filter traffic when you're under attack. UUNet
> certainly wouldn't for us because of "router CPU overhead" last time I was
> under attack.
What does a 'sho cdp nei' show on your uu-net connecting router?
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization. I route, therefore I am.
Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member
Father of the Network and Head Bottle-Washer
Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
Don't choose a spineless ISP; we have more backbone! http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
