[c-nsp] 6500 under DDoS
Matti Saarinen
mjsaarin at cc.helsinki.fi
Wed Jul 28 01:31:09 EDT 2004
sthaug at nethelp.no writes:
>> I also found out that the customer has turned on
>> "ip nbar protocol-discovery".
>
> I believe that'll result in packets punted to the MSFC, and then you
> can easily kill the box.
NBAR will easily kill the box. I've tried NBAR on a 6500. During the
first minimal DDoS the switch died. NBAR is done on the MSFC's CPU which,
as you wrote, should receive as few packets as possible.
Cheers,
--
- Matti -