[c-nsp] PIX-525 attack performance

mack mack at exchange.alphared.com
Sun Nov 18 19:05:05 EST 2007


Does anyone have hard figures on the PIX-525 syn flood performance?

It looks like the CPU overloads somewhere between 20 and 25 mbits.
This is a pure SYN flood aimed at port 80.
There is about 2mbits of legitimate traffic.
We have rate-limited SYN packets to the device at the upstream switch.
Any tweaks or hints to improve this are appreciated.

At 18mbits the CPU usage is:
show cpu usage
CPU utilization for 5 seconds = 84%; 1 minute: 85%; 5 minutes: 85%
The settings we are using for static translation are:
static (inside,outside) X.X.X.X X.X.X.X netmask 255.255.255.240 tcp 0 1000
show version
Cisco PIX Security Appliance Software Version 7.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "flash:/pix722.bin"
Config file at boot was "startup-config"
PIX525-A up 55 days 0 hours
Hardware:   PIX-525, 192 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
 0: Ext: Ethernet0           : address is 0012.7f32.841f, irq 10
 1: Ext: Ethernet1           : address is 0012.7f32.8420, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited
This platform has an Unrestricted (UR) license.
--
LR Mack McBride
Network Administrator
Alpha Red, Inc.
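As an added illustration (not part of the original post or of any Cisco tooling), a small monitoring script that parses the two PIX outputs quoted above, the "show cpu usage" line and the static translation with its embryonic limit, and converts a link rate into an approximate SYN packet rate. The sample lines are constructed from the shapes shown in the post, with a documentation address standing in for X.X.X.X; the 64-byte frame size used for the pps estimate is an assumption.

```python
import re

# Constructed samples shaped like the PIX 7.2(2) output quoted in the post.
SAMPLE_CPU = "CPU utilization for 5 seconds = 84%; 1 minute: 85%; 5 minutes: 85%"
SAMPLE_STATIC = ("static (inside,outside) 192.0.2.10 192.0.2.10 "
                 "netmask 255.255.255.240 tcp 0 1000")

CPU_RE = re.compile(r"5 seconds = (\d+)%; 1 minute: (\d+)%; 5 minutes: (\d+)%")
STATIC_RE = re.compile(
    r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)(?: tcp (\d+) (\d+))?")


def parse_cpu_usage(line):
    """Return (5s, 1m, 5m) CPU percentages from a 'show cpu usage' line."""
    m = CPU_RE.search(line)
    if not m:
        raise ValueError("unrecognised 'show cpu usage' line")
    return tuple(int(x) for x in m.groups())


def parse_static(line):
    """Return the fields of a PIX static translation.

    max_conns / emb_limit default to 0 (unlimited) when the tcp clause is absent.
    """
    m = STATIC_RE.match(line)
    if not m:
        raise ValueError("unrecognised static line")
    inside, outside, gaddr, laddr, mask, maxc, emb = m.groups()
    return {"ifaces": (inside, outside), "global": gaddr, "local": laddr,
            "netmask": mask, "max_conns": int(maxc or 0),
            "emb_limit": int(emb or 0)}


def syn_pps(mbit_per_s, frame_bytes=64):
    """Approximate SYN packets/s carried by a given Mbit/s of minimum-size frames.

    Assumption: 64-byte Ethernet frames, preamble and inter-frame gap not counted.
    """
    return int(mbit_per_s * 1_000_000 / (frame_bytes * 8))


def cpu_alert(line, threshold=80):
    """True when the 1-minute CPU average is at or above the threshold percent."""
    return parse_cpu_usage(line)[1] >= threshold


if __name__ == "__main__":
    print(parse_cpu_usage(SAMPLE_CPU), parse_static(SAMPLE_STATIC)["emb_limit"])
    print(syn_pps(18), cpu_alert(SAMPLE_CPU))
```

Polling "show cpu usage" this way from a collector gives a trend line to set the upstream SYN rate limit against, rather than waiting for the box to saturate.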

