[c-nsp] do i *need* DFCs on the 6500?
Jared Mauch
jared at puck.nether.net
Wed Sep 2 09:03:18 EDT 2009
On Sep 2, 2009, at 8:48 AM, Drew Weaver wrote:
> Not to thread hijack here, but speaking of withstanding DoS attacks,
> has anyone seen any decent published baseline configurations for
> CoPP to deflect things similar to TTL Expiry attacks and the like?
> Perhaps some sort of template they use (if they can share it) would
> be really nice.
ttl expire can be protected with mls rate limiters. 10 100 seems plenty.
- jared
More information about the cisco-nsp
mailing list