[nsp] MD5 causes biggern problem than it fixes?
Dan Hollis
goemon at anime.net
Wed Apr 21 16:04:22 EDT 2004
On Wed, 21 Apr 2004, Edward Henigin wrote:
> If you're suggesting that ACLs would be processed at the same rate
> as RPF, then I just don't know the answer. All I know is access-lists
> on Ciscos puts you at high risk for CPU DOS.
You dont need *any* ACLs to be at high risk for CPU DOS. Anything which
will cause your cisco to arp storm is enough (seen with the various
windoze worms which scan vast ip ranges quickly).
-Dan
More information about the cisco-nsp
mailing list