[c-nsp] ACK/RST rate-limit?

Rakesh Hegde rakeshh at gmail.com
Tue Nov 4 11:41:56 EST 2008


Have you tried control plane polcing ?

-Rakesh


On Tue, Nov 4, 2008 at 10:20 AM, Nemeth Laszlo <csirek at cooler.hu> wrote:

> Hi List,
>
> I have a Cisco 7600 / Sup720-3BXL (12.2.18SXF6).
>
> Only the telnet port (23/tcp) is open.
>
> If i try to open a session to a random port, i get back a TCP ACK/RST
> packet from the CPU. I think it is normal. :)
>
> But if I send lot of SYN packets to random ports, i get back lot of ACK/RST
> but it send the CPU to me, and it will make a big load on the CPU.
>
> So the question: can i limit the number of ACK/RST packets/sec what the
> router send back to the SYN sender?
>
> Thanks!
>
> Laszlo
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list