[j-nsp] ASR1002 Comparitive
Ben Steele
illcritikz at gmail.com
Wed Nov 18 02:49:34 EST 2009
Ok fair point, locally originated attacks are bad no matter you have some
times.
I'll stop hijacking this thread and let the OP get on with their choice :)
On Wed, Nov 18, 2009 at 6:40 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>
> On Nov 18, 2009, at 2:38 PM, Ben Steele wrote:
>
> > any attack > 100Mbs is going to be dropped(tail-drop/rate-limit whatever
> method the ISP implements) before it even makes it to the poor
> software-based router and given the almost 300Mbs @ 64-byte spec I don't
> think it would have a problem with it, usual CoPP applying.
>
> You're assuming the attack is 'inbound' - often, this isn't the case.
>
> ;>
>
> I've also seen software-based routers absolutely crushed by the sheer
> number of flows engendered by DNS amplification attacks, when an open
> recursor is soutbhound of said software-based router and the miscreants are
> bouncing an attack through it.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Injustice is relatively easy to bear; what stings is justice.
>
> -- H.L. Mencken
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list