North American Network Operators Group

Re: [Re: Which Part(s) Failed in the recent DOS Attacks?]

  • From: Richard Steenbergen
  • Date: Wed Feb 09 23:22:23 2000

On Tue, Mar 18, 2036 at 03:33:35AM -0700, Toplez Razer wrote:
> 
> Joe,
> Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for
> stopping TCP DOS.  Could these features stop massive TCP DOS attacks?

Not a chance in hell. Anything short of a GSR has problems forwarding or
flat out dropping (surprisingly often times you get better performance
from CAR than an acl deny) the number of packets/sec. Packet inspection,
especially of the involved nature of TCP Intercept, is totally useless for
attacks of this size. TCP Intercept performance is closer to that of a
unix machine with a protected kernel, it will do better than the original
kernels back in the day when PANIX was DoS'd by dialup-speed floods,
actually it will compete with a very strong unix box running top notch
code that still has to process the SYN and attempt a connection, but that's
still at least an order of magnitude too little...

-- 
Richard A. Steenbergen <[email protected]>  http://users.quadrunner.com/humble
PGP Key ID: 0x60AB0AD1  (E5 35 10 1D DE 7D 8C A7  09 1C 80 8B AF B9 77 BB)
MFN / AboveNet Communications Inc - ISX Network Engineer, Vienna VA