[c-nsp] front-end box to protect wimpy Cisco router from DoS?
Hay Kan Sugeng
haykan at qalacom.com
Sat May 12 00:04:39 EDT 2007
in my opinion, if you had a bgp peer than you better request for a bgp
blackhole to your upstream.
Ed Ravin wrote:
> On Fri, May 11, 2007 at 05:04:25PM +1000, Brad Henshaw wrote:
>
>> Ed Ravin:
>>
>>> I have an elderly 7200 NPE-225 box on my network that has no
>>> problem handling normal traffic, but every now and then
>>> someone sends a DoS attack in its general direction and the
>>> poor thing is unable to do anything useful
>>>
>> What type of interface(s) connect the 7200 upstream and what traffic
>> rates & packet types are killing the box?
>>
>
> Fast Ethernet and/or Gigabit Ethernet interfaces, hence my thinking that
> a PC would be appropriate. Not sure if I want to use the two Mac Minis
> like in that recent post to this list, but that's the idea.
>
> I don't recall the exact numbers, but I remember that even a mere 20-30 Mb
> of traffic in short packets would send the 7200 begging for mercy. I don't
> need to screen out all potential attacks, but I do need the ability to
> screen out any particular attack as soon as we detect it so we can get
> our traffic rolling again.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list