[c-nsp] OT: Cisco IDSM-2 Deployment Scenario Question
Dobbins, Roland
rdobbins at arbor.net
Tue Apr 6 00:15:54 EDT 2010
On Apr 6, 2010, at 10:35 AM, Felix Nkansah wrote:
> The requirement is to deploy a new Cisco IDSM-2 module inline on the core/distribution 6509 switch such that user traffic destined to servers is subjected to application inspection and prevention.
A recipe for disaster - self-DoS waiting to happen.
Stateful devices like this have no place in front of servers:
<http://www.nanog.org/meetings/nanog48/presentations/Monday/Kaeo_FilterTrend_ISPSec_N48.pdf>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the cisco-nsp
mailing list