|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Re[2]: SYN floods (was: does history repeat itself?)
Alexis Rosen writes: > >Also true. As I said before, I don't know about the Ascends, but I do know >that the Xylogics boxes we use have the capability but probably not the >capacity. When all ports are connected at 28.8, CPU usage can hover in >the high 80% range. Adding filters would probably be a bad idea. Yes, packet filters would certainly be a Bad Idea[tm]. > >That's why I was talking about filtering at a router just upstream from >the dial-access box. > >FWIW, even with a thousand very busy modems, I'm pretty sure that even a >small cisco is up to the job. They just don't generate all that much traffic. Could be, although I'd want to see this before I bet the farm on it. I'm not sure how efficient crisco's filtering algorithm is... Alec -- +------------------------------------+--------------------------------------+ |Alec Peterson - [email protected] | Panix Public Access Internet and UNIX| |Network Administrator/Architect | New York City, NY | +------------------------------------+--------------------------------------+ - - - - - - - - - - - - - - - - -
|