North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Smurf tone down
On Sat, 1 May 1999, Joe Shaw wrote: > After dealing with UUNet security regarding several smurf incidents I > asked them this same question. Their response (and I'm sure it would be > the same response of others) was that a lot of the routers on their > network couldn't handle the load of using CEF-CAR to limit smurf attacks. "the load" ? The point of CAR is that is happens in the CEF path, with no/negligible (1 to 2%) additional load. Are UUNet's routers running that close to the edge? I'd doubt it. > I'm not sure how true that statement was since I'm not familiar with any > part of UUNet's backbone equipment other than what I used to get my DS3 > from at Insync and now with my MAE Houston connection, but from what I've > heard the backbones of a lot of NSP's aren't all made up of Cisco 12000's > or even 7500's, and I'd guess a fair amount of the existing routers out > there are borderline overloaded since it's next to impossible to get most > backbone providers to filter traffic when you're under attack. UUNet > certainly wouldn't for us because of "router CPU overhead" last time I was > under attack. What does a 'sho cdp nei' show on your uu-net connecting router? -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, [email protected], KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|