[70986] in North American Network Operators' Group


Re: Real-Time Mitigation of Denial of Service Attacks Now Available

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Thu Jun 3 11:25:52 2004

Date: Thu, 03 Jun 2004 15:25:11 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <1086252914.795.12.camel@thanos.we-dare.net>
To: Erik Haagsman <erik@we-dare.net>
Cc: Jeff Aitken <jaitken@aitken.com>,
	"Jon R. Kibler" <Jon.Kibler@aset.com>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu



On Thu, 3 Jun 2004, Erik Haagsman wrote:

>
> On Wed, 2004-06-02 at 19:32, Jeff Aitken wrote:
> > On Wed, Jun 02, 2004 at 06:00:38PM +0200, Erik Haagsman wrote:
> > > Only very small ISPs relying on 36xx's or multilayer switching instead
> > > of larger, more powerful might be still valid cases where ACL's are a
> > > problem.
> >
> > Interesting assertion.  Care to support it?
>
> It's not unusual for smaller ISP's and small hosting companies to rely
> on low-spec equipment that can just deal with normal traffic flows, but
> start falling apart when a traffic spike hits and access lists are
> present. As an example, take a lower end IronCore Foundry switch with a

Or, look at some examples in the 6500 family even, not really a 'low end'
switch, but still able to fail spectacularly under abnormal conditions.
(provided you don't have super new Sup720 and other wizz-bang-foo hot off
the presses)

-Chris
