[c-nsp] front-end box to protect wimpy Cisco router from DoS?

Ed Ravin eravin at panix.com
Fri May 11 11:50:12 EDT 2007


On Fri, May 11, 2007 at 05:04:25PM +1000, Brad Henshaw wrote:
> Ed Ravin:
> > I have an elderly 7200 NPE-225 box on my network that has no 
> > problem handling normal traffic, but every now and then 
> > someone sends a DoS attack in its general direction and the 
> > poor thing is unable to do anything useful
> 
> What type of interface(s) connect the 7200 upstream and what traffic
> rates & packet types are killing the box?

Fast Ethernet and/or Gigabit Ethernet interfaces, hence my thinking that
a PC would be appropriate.  Not sure if I want to use the two Mac Minis
like in that recent post to this list, but that's the idea.

I don't recall the exact numbers, but I remember that even a mere 20-30 Mb
of traffic in short packets would send the 7200 begging for mercy.  I don't
need to screen out all potential attacks, but I do need the ability to
screen out any particular attack as soon as we detect it so we can get
our traffic rolling again.

