[j-nsp] Juiper denial of service attacks...
Rob Walton
robert.walton at dante.org.uk
Mon Jan 12 05:18:03 EST 2004
Hi,
The bottom line is, from my experience, regardless of
configuration, cards you installed in the box or JUNOS version - a Juniper
box can easily discard large amounts of traffic without fear of it 'doing a
cisco'.
cheers,
Rob
At 07:41 11/01/2004 +0000, Christopher Morrow wrote:
>On Jan 11, 2004, at 6:42 AM, Alex Rubenstein wrote:
>
>>
>>
>>On Sun, 11 Jan 2004, Christopher Morrow wrote:
>>
>>>>The GSR's are ok, but frankly an M5 blows it out of the water.
>>>>You can barely filter on a GSR...
>>>
>>>This does depend highly on IOS revision, linecard revision, features
>>>currently in use...
>>
>>
>>AHA! Are you saying that comparing GSR and the associated technology of
>>when it came out 5 years ago (old 12.0, engine-0) with an M5 is not a
>>reasonable comparison?
>Sure... you could say that, though 5 years ago was there a oc-12 card
>availble for the GSR? or just oc3? Stable 12.0 release then?
>
>The E0 cards will filter 'fine' with 12.0 and oc3 or oc12 ATM cards seem
>to fitler 'ok', not to the detail of an M5, but that wasn't out 5 years
>ago either...
>
>Apples != Oranges, but Alex already knew that I suspect. My point was just
>that if you see a M5 today and a 'current' 12000 platform with 'current'
>cards you can make a fairly close comparison for this space (dos attack
>filtering)...
>
>-Chris
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp
_________________________________________________________________
* * Rob Walton - Network engineer
* *
* Francis House Tel +44 1223 302 992
* 112 Hills Road Fax +44 1223 303 005
* Cambridge CB2 1PQ
D A N T E United Kingdom
_________________________________________________________________
More information about the juniper-nsp
mailing list