Re: Re[2]: SYN floods (was: does history repeat itself?)

["Sharif Torpis" <storpis () pbi net>]

On Sep 10,  2:07pm, Alexis Rosen wrote:
> Subject: Re: Re[2]: SYN floods (was: does history repeat itself?)
>
> Also true. As I said before, I don't know about the Ascends, but I do know
> that the Xylogics boxes we use have the capability but probably not the
> capacity. When all ports are connected at 28.8, CPU usage can hover in
> the high 80% range. Adding filters would probably be a bad idea.
>
> That's why I was talking about filtering at a router just upstream from
> the dial-access box.
>
> FWIW, even with a thousand very busy modems, I'm pretty sure that even a
> small cisco is up to the job. They just don't generate all that much traffic.
>
> -- End of excerpt from Alexis Rosen


The Ascends can also do this but I agree that you wouldn't want to filter at
the NAS. Logistical reasons are reason enough to filter at an upstream router
where the dialup traffic is aggregated.


-- 
Sharif Torpis (storpis () pbi net)                        \ | /    P A C I F I C
Pacific Bell Internet                                 -->*<--      B E L L
Network Engineering                                    / | \   I N T E R N E T
San Francisco, CA   USA
- - - - - - - - - - - - - - - - -