Smurf tone down
alex at nac.net
alex at nac.net
Sat May 1 16:16:43 UTC 1999
On Sat, 1 May 1999, Joe Shaw wrote:
> After dealing with UUNet security regarding several smurf incidents I
> asked them this same question. Their response (and I'm sure it would be
> the same response of others) was that a lot of the routers on their
> network couldn't handle the load of using CEF-CAR to limit smurf attacks.
"the load" ?
The point of CAR is that is happens in the CEF path, with no/negligible (1
to 2%) additional load. Are UUNet's routers running that close to the
edge? I'd doubt it.
> I'm not sure how true that statement was since I'm not familiar with any
> part of UUNet's backbone equipment other than what I used to get my DS3
> from at Insync and now with my MAE Houston connection, but from what I've
> heard the backbones of a lot of NSP's aren't all made up of Cisco 12000's
> or even 7500's, and I'd guess a fair amount of the existing routers out
> there are borderline overloaded since it's next to impossible to get most
> backbone providers to filter traffic when you're under attack. UUNet
> certainly wouldn't for us because of "router CPU overhead" last time I was
> under attack.
What does a 'sho cdp nei' show on your uu-net connecting router?
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization. I route, therefore I am.
Alex Rubenstein, alex at nac.net, KC2BUO, ISP/C Charter Member
Father of the Network and Head Bottle-Washer
Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
Don't choose a spineless ISP; we have more backbone! http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
More information about the NANOG
mailing list