[c-nsp] OT: Cisco IDSM-2 Deployment Scenario Question

Dobbins, Roland rdobbins at arbor.net
Tue Apr 6 00:15:54 EDT 2010


On Apr 6, 2010, at 10:35 AM, Felix Nkansah wrote:

> The requirement is to deploy a new Cisco IDSM-2 module inline on the core/distribution 6509 switch such that user traffic destined to servers is subjected to application inspection and prevention.

A recipe for disaster - self-DoS waiting to happen.

Stateful devices like this have no place in front of servers:

<http://www.nanog.org/meetings/nanog48/presentations/Monday/Kaeo_FilterTrend_ISPSec_N48.pdf>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken






More information about the cisco-nsp mailing list