Security Incidents mailing list archives
Re: Arrowpoint CS-100 atack
From: "Duquette, John" <john.duquette () EDS COM>
Date: Tue, 17 Oct 2000 16:58:40 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is not accurate. I will quote from f5's web site on this: "Can reap idle connections (thwarts Denial of Service attacks) Can perform source route tracing (thwarts IP spoofing) Resists unacknowledged SYN without ACK buffers (thwarts SYN floods)" John
The arrowpoints are great in the fact that they help to prevent SYN,Illegal Src attacks, etc. Since unlike most loadbalacners, which will blindly loadbalance any attack(BigIP) or use some kind of Counters(Alteons), During a regular TCP handshake the Arrowpoint intercept the packet destin for loadbalanced machines, spoof the connection and sends a SYN ACK back to the source if the source does not answer back the connection is drop. This all takes alot of CPU, and if the attack is great it will overwelm the CPU as is in the case of what is happening to you right now.. YOU dont want to turn this feature off, you have more other important issue's to worry about here, since turning off these features the attack will be passed on to your machines, which will be hammered. You have some choices here, get a higher end arrowpoint.. CS-150?? If the load of traffic + attack will be too great for the 150, go 800, these are modular and can be very expensive but worth all the money. Since its modular it can grow as your network grows..
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOey9hNwfv0dRtjgLEQLLrQCfQvFifG3MpJEfih5Aomekay/P8r8An1fv /42H6UKiPXsmVPwHS0jFJOO8 =a1Nf -----END PGP SIGNATURE-----
Current thread:
- Re: Arrowpoint CS-100 atack Duquette, John (Oct 19)
- <Possible follow-ups>
- Re: Arrowpoint CS-100 atack Albert Saerong (Oct 19)