[c-nsp] 6500/7600 TCAM Usage

Tom Hill tom at ninjabadger.net
Mon Jun 6 19:20:27 EDT 2016


On 03/06/16 16:49, James Bensley wrote:
> But equally a last look-up time means prefixes used more frequently
> due to background scatter and bots just aimless scanning looking for
> open telnet ports with no other genuine traffic can be favoured over
> more "useful" / "valuable" but less freqeuncy used prefixes - so
> either way I don't like that idea.

I'd be interested in knowing how many prefixes are actually involved in
port knocking at any one time... I'd wager the number is lower than
you'd think; thousands, rather than hundreds of thousands.

Still, one DDoS with enough disparate, spoofed sources and you're toast.

-- 
Tom


More information about the cisco-nsp mailing list