Real world Anti-DDOS attack practice.
Clayton Fiske
clay at bloomcounty.org
Fri Mar 23 19:08:03 UTC 2001
On Fri, Mar 23, 2001 at 05:25:22AM -0800, mdevney at teamsphere.com wrote:
> Good suggestions all, but as a short-term solution access lists work. A
> Cisco 7500 with an access list 30 pages long (literally -- I printed it
> out once) works on an OC48. Not sure how that would stand up to a couple
> truly massive floods, but it works fine under normal traffic and the
> average flooding any ISP gets.
Yeah, but the challenge is getting an OC48 into a 7500. ;)
And frankly, I've -never- seen a significant[0] access list perform well
on an RSP4 at even OC3 level. Then again, the last time I tried such a
thing I wouldn't touch CEF with a 10-foot pole. Maybe it's better now.
-c
[0] significant = longer than about 5 lines, even with 'permit tcp estab'
as the first line