North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Real-Time Mitigation of Denial of Service Attacks Now AvailableWith AT&T

  • From: Christopher L. Morrow
  • Date: Thu Jun 03 11:27:57 2004

On Thu, 3 Jun 2004, Erik Haagsman wrote:

>
> On Wed, 2004-06-02 at 19:32, Jeff Aitken wrote:
> > On Wed, Jun 02, 2004 at 06:00:38PM +0200, Erik Haagsman wrote:
> > > Only very small ISPs relying on 36xx's or multilayer switching instead
> > > of larger, more powerful might be still valid cases where ACL's are a
> > > problem.
> >
> > Interesting assertion.  Care to support it?
>
> It's not unusual for smaller ISP's and small hosting companies to rely
> on low-spec equipment that can just deal with normal traffic flows, but
> start falling apart when a traffic spike hits and access lists are
> present. As an example, take a lower end IronCore Foudry switch with a

Or, look at some examples in the 6500 family even, not really a 'low end'
switch, but still able to fail spectacularly under abnormal conditions.
(provided you don't have super new Sup720 and other wizz-bang-foo hot off
the presses)

-Chris