[c-nsp] 2948G replacement?

Gert Doering gert at greenie.muc.de
Tue Aug 31 04:05:31 EDT 2004


Hi,

On Mon, Aug 30, 2004 at 03:16:08PM -0700, matthew zeier wrote:
> > If it's a 2948G, why is it affected by DDoS?  The management VLAN should
> > not be reachable by the outside world, so DDoSes should not be able to
> > affect the 2948G at all.
> 
> If a host on a non-management VLAN gets infected with something like SQL 
> Slammer and starts pushing out 90Mbps+, all other ports on that switch 
> basically get hosed.  

Interesting.  We did have a fair number of SQL slammer hosts, and while
the uplink to the router got saturated enough to be unusable, the switches
themselves (Cat5500 and 2948G) could cope very well.

> That or if one host starts spewing broadcast traffic 
> then the switch is nearly useless. 

Broadcast limiting (to some low percentage of interface bandwidth) works 
well for us.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

