[4266] in North American Network Operators' Group
Re: Re[2]: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Alec H. Peterson)
Tue Sep 10 14:20:12 1996
From: "Alec H. Peterson" <chuckie@panix.com>
To: alexis@panix.com (Alexis Rosen)
Date: Tue, 10 Sep 1996 14:12:41 -0400 (EDT)
Cc: pcalhoun@usr.com, nanog@merit.edu, perry@piermont.com
In-Reply-To: <199609101807.OAA01871@panix.com> from "Alexis Rosen" at Sep 10, 96 02:07:03 pm
Alexis Rosen writes:
>
>Also true. As I said before, I don't know about the Ascends, but I do know
>that the Xylogics boxes we use have the capability but probably not the
>capacity. When all ports are connected at 28.8, CPU usage can hover in
>the high 80% range. Adding filters would probably be a bad idea.
Yes, packet filters would certainly be a Bad Idea[tm].
>
>That's why I was talking about filtering at a router just upstream from
>the dial-access box.
>
>FWIW, even with a thousand very busy modems, I'm pretty sure that even a
>small cisco is up to the job. They just don't generate all that much traffic.
Could be, although I'd want to see this before I bet the farm on it.
I'm not sure how efficient crisco's filtering algorithm is...
Alec
--
+------------------------------------+--------------------------------------+
|Alec Peterson - chuckie@panix.com | Panix Public Access Internet and UNIX|
|Network Administrator/Architect | New York City, NY |
+------------------------------------+--------------------------------------+
