|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DOS attack tracing
[email protected] (Richard) wrote: > Ethernet to the primary upstream. I think that the lesson is _always_ use a > router powerful enough to handle all ingress traffic at wire rate. Without > access to the router, there is nothing you can do. So we are going to switch > out the router. If you are mostly concerned about not being able to use the router console during attacks, you may change the CPU scheduling a bit. A brief "scheduler allocate 60000 2000" has helped me a lot there. The box stays manageable. This does of course not help you with the router "going dead" in regard to packet forwarding... Yours, Elmi. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <[email protected]>) --------------------------------------------------------------[ ELMI-RIPE ]---
|