[36062] in North American Network Operators' Group


Re: Real world Anti-DDOS attack practice.

daemon@ATHENA.MIT.EDU (Clayton Fiske)
Fri Mar 23 14:11:07 2001

Date: Fri, 23 Mar 2001 11:08:03 -0800
From: Clayton Fiske <clay@bloomcounty.org>
To: mdevney@teamsphere.com
Cc: nanog@merit.edu
Message-ID: <20010323110803.G89061@bloomcounty.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Pine.LNX.4.21.0103230522260.22710-100000@core.teamplay.net>; from mdevney@teamsphere.com on Fri, Mar 23, 2001 at 05:25:22AM -0800
Errors-To: owner-nanog-outgoing@merit.edu


On Fri, Mar 23, 2001 at 05:25:22AM -0800, mdevney@teamsphere.com wrote:
> Good suggestions all, but as a short-term solution access lists work.  A
> Cisco 7500 with an access list 30 pages long (literally -- I printed it
> out once) works on an OC48.  Not sure how that would stand up to a couple
> truly massive floods, but it works fine under normal traffic and the
> average flooding any ISP gets.


Yeah, but the challenge is getting an OC48 into a 7500. ;)

And frankly, I've -never- seen a significant[0] access list perform well
on an RSP4 at even OC3 level. Then again, the last time I tried such a
thing I wouldn't touch CEF with a 10-foot pole. Maybe it's better now.

-c

[0] significant = longer than about 5 lines, even with 'permit tcp estab'
                  as the first line


