[c-nsp] Replacment for 3640 + NBAR
Rodney Dunn
rodunn at cisco.com
Wed Aug 25 09:22:07 EDT 2004
On Wed, Aug 25, 2004 at 09:39:11AM +1000, Virgil wrote:
>
> > you're looking at a 4x increase in traffic soon, I think the G1 (or G2
> > coming out in the near future) would stand up better against a DOS.
>
> Just don't enable NBAR unless you have a "fixed" version of IOS.
> See CSCec27338 for more details.
Also if you are doing NBAR on a 75xx make sure you have the fix
for:
CSCec23982
Externally found severe defect: Resolved (R)
Packet fragmentation causes high CPU at interrupt level with NBAR
It's a similar type of issue caused by fragmentation.
Rodney
>
> Regards,
>
> Virgil
>
> --
> WebCentral Pty Ltd Australia's #1 Internet Web Hosting Company
> Level 6, 100 Wickham St. Infrastructure Projects Manager
> PO Box 930, Fortitude Valley. email: virgil at webcentral.com.au
> Queensland, Australia 4006. phone: +61 7 3230 7332
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list