[nsp] matching on packet length on 7600s
Rajeshbansal9 at aol.com
Rajeshbansal9 at aol.com
Mon Mar 8 11:56:29 EST 2004
Hi,
The 7600 punts a packet that needs to be matched on packet length to the
msfc. So a naachi attack would cause every single packet to be sent to the msfc
for inspection. Cisco says to sort on protocol ( done in hw) and then rate limit
to msfc but i think that's have a half as* solution.
Anyone figured out any way to process this hardware using the 7600s using the
add on cards to the 7600, maybe the fw or the ids blade?
thanks
Raj
More information about the cisco-nsp
mailing list