[c-nsp] 6500/7600 TCAM Usage
Tom Hill
tom at ninjabadger.net
Mon Jun 6 19:20:27 EDT 2016
On 03/06/16 16:49, James Bensley wrote:
> But equally a last look-up time means prefixes used more frequently
> due to background scatter and bots just aimless scanning looking for
> open telnet ports with no other genuine traffic can be favoured over
> more "useful" / "valuable" but less freqeuncy used prefixes - so
> either way I don't like that idea.
I'd be interested in knowing how many prefixes are actually involved in
port knocking at any one time... I'd wager the number is lower than
you'd think; thousands, rather than hundreds of thousands.
Still, one DDoS with enough disparate, spoofed sources and you're toast.
--
Tom
More information about the cisco-nsp
mailing list