SYN floods (was: does history repeat itself?)

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexis Rosen writes:
>
>Also true. As I said before, I don't know about the Ascends, but I do know
>that the Xylogics boxes we use have the capability but probably not the
>capacity. When all ports are connected at 28.8, CPU usage can hover in
>the high 80% range. Adding filters would probably be a bad idea.

Yes, packet filters would certainly be a Bad Idea[tm].

>
>That's why I was talking about filtering at a router just upstream from
>the dial-access box.
>
>FWIW, even with a thousand very busy modems, I'm pretty sure that even a
>small cisco is up to the job. They just don't generate all that much traffic.

Could be, although I'd want to see this before I bet the farm on it.
I'm not sure how efficient crisco's filtering algorithm is...

Alec

-- 
+------------------------------------+--------------------------------------+
|Alec Peterson - chuckie at panix.com   | Panix Public Access Internet and UNIX|
|Network Administrator/Architect     | New York City, NY                    |
+------------------------------------+--------------------------------------+

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]