[nsp] MD5 causes biggern problem than it fixes?
Dan Hollis
goemon at anime.net
Wed Apr 21 16:08:03 EDT 2004
On Wed, 21 Apr 2004, Edward Henigin wrote:
> On Wed, Apr 21, 2004 at 12:31:44PM -0700, Dan Hollis said:
> > On Wed, 21 Apr 2004, Edward Henigin wrote:
> > > Regardless of that hurdle, I don't see filtering as a realistic
> > > approach, due to, again, the ease of a CPU DOS when you have filters
> > > in place. IIRC, my Ciscos do NOT do line-rate ACLs...
> > How much CPU does RPF take?
> If you're suggesting that RPF is a solution in this case, please
> elaborate. I suspect that most border routers are like mine and
> require "reachable-via any".
Just because its not applicable to you doesnt mean its useless for
everyone?
Deploy RPF where you can. There's nowhere in your *entire* network where
RPF applies?
-Dan
More information about the cisco-nsp
mailing list