more on filtering

Ray Burkholder ray at oneunified.net
Fri Oct 31 19:16:18 UTC 2003


> 
> Even if I had an all-Juniper network, I'd still need to 
> decide what to do
> about DDOS attacks... Do I just call my circuit vendors and 
> keep adding
> OC48s until the problem goes away?
> 
But isn't this just trying to put a square peg into a round hole?  Wouldn't
it be better to let routers route, switches switch, and filter boxen filter?
I know people like to have routers talk directly to each other, but there
are certain high capacity upper layer filter boxen out there that, when
inserted into the link, can handle this nastiness, so a router doesn't
over-work its designed-to-be-lazy processor.


-- 
Scanned for viruses and dangerous content at 
http://www.oneunified.net and is believed to be clean.




More information about the NANOG mailing list