[c-nsp] 6500 under DDoS

sthaug at nethelp.no sthaug at nethelp.no
Tue Jul 27 16:27:11 EDT 2004


> I also found out that the customer has turned on "ip nbar protocol-discovery".

I believe that'll result in packets punted to the MSFC, and then you can
easily kill the box.

The secret to a happy 6500 is keeping (most) packets away from the MSFC.
As long as you can do that, we've found it very resistant to DDoS attacks
(speaking from practical experience here, having weathered several attacks
which saturated GigE links).

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

