[4277] in North American Network Operators' Group
Re: Re[2]: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Alexis Rosen)
Tue Sep 10 22:10:35 1996
From: Alexis Rosen <alexis@panix.com>
To: chuckie@panix.com (Alec H. Peterson)
Date: Tue, 10 Sep 1996 14:21:20 -0400 (EDT)
Cc: pcalhoun@usr.com, nanog@merit.edu, perry@piermont.com
In-Reply-To: <199609101812.OAA00974@panix2.panix.com> from "Alec H. Peterson" at Sep 10, 96 02:12:41 pm
Alec H. Peterson writes:
>
> Alexis Rosen writes:
> >That's why I was talking about filtering at a router just upstream from
> >the dial-access box.
> >
> >FWIW, even with a thousand very busy modems, I'm pretty sure that even a
> >small cisco is up to the job. They just don't generate all that much traffic.
>
> Could be, although I'd want to see this before I bet the farm on it.
> I'm not sure how efficient crisco's filtering algorithm is...
I would. As a point of reference, we have filters on two fairly busy T1s,
which between them account for more then 500 modems worth of traffic and
a *lot* more besides (all of VTW's traffic, for example). Putting filters
on these, both an an AGS+/4, didn't make an enormous difference in CPU- it's
still <30%. Surely a 2500 series box could handle that much. (It's 68030 vs.
68040, but we're at 30% utilization, and we're doing other things on that
box.)
/a
---
Alexis Rosen Owner/Sysadmin,
PANIX Public Access Unix & Internet, NYC.
alexis@panix.com