nanog mailing list archives

DDoS: CAR vs TCP-Intercept vs NetFlow

From: "Rubens Kuhl Jr." <rkuhljr () uol com br>
Date: Mon, 28 Feb 2000 22:53:41 -0300



Have anyone performed an evalution of rate-limiting SYN packets (CAR) versus
using TCP-Intercept ? What responds better to a DDoS attack (assume
SYN-flooding only) ? What uses more router resources ?

For better performance of CAR or TCP-Intercept, NetFlow switching (ip
route-cache flow) should also be used, besides CEF ?



Rubens Kuhl Jr.

Current thread:

DDoS: CAR vs TCP-Intercept vs NetFlow Rubens Kuhl Jr. (Feb 28)
- Re: DDoS: CAR vs TCP-Intercept vs NetFlow Richard Steenbergen (Feb 28)
- [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)
  - RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Rubens Kuhl Jr. (Feb 28)
    - RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)
    - RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Vijay Gill (Feb 28)
    - Message not available
    - RE: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)
    - Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Valdis . Kletnieks (Feb 28)
    - Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Richard Steenbergen (Feb 28)
    - Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow Paul Ferguson (Feb 28)