[55132] in North American Network Operators' Group


Re: DOS?

daemon@ATHENA.MIT.EDU (Rob Thomas)
Sat Jan 25 12:18:49 2003

Date: Sat, 25 Jan 2003 09:37:19 -0600 (CST)
From: Rob Thomas <robt@cymru.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <20030125124416.T50404-100000@sequoia.muada.com>
Errors-To: owner-nanog-outgoing@merit.edu


Hi, NANOGers.

] access-list 150 deny udp any any eq 1434 log-input

Be _very_ careful about enabling such logging.  Some of the worm flows
have filled GigE pipes.  I doubt you really want to log that; Netflow
is a better option in this case.  Too much logging will raise the CPU
utilization to the point of creating a DoS on the router.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
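
The advice above as an IOS configuration, added here as an example and not part of the original post: the same filter without per-packet logging, with NetFlow providing the visibility instead. The interface name, the collector address 192.0.2.10 and port 9996 are assumptions chosen for illustration.

```cisco
! Constructed example; interface, collector address and port are assumptions.
!
! Same filter as the quoted line, but without "log-input", so matching
! packets are dropped without generating a log message for each hit.
access-list 150 deny udp any any eq 1434
access-list 150 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group 150 in
 ! Enable NetFlow accounting on this interface (syntax of IOS releases
 ! of that period; later releases use "ip flow ingress").
 ip route-cache flow
!
! Export flow records to a collector instead of logging on the router.
ip flow-export version 5
ip flow-export destination 192.0.2.10 9996
!
! Verification from exec mode:
!   show access-lists 150     per-entry match counters, no logging required
!   show ip cache flow        current contents of the flow cache
```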


