On Thu, Sep 04, 2008 at 01:14:20PM -0400, Paul Wall wrote:
On Thu, Sep 4, 2008 at 12:45 PM, Jo Rhett <jrhett@netconsonance.com> wrote:
I'm sorry, but nonsense statements such as these burn the blood. Sure, yes, protecting yourself is so much more important than protecting anyone else.
Anyone else want to stand up and join the "I am an asshole" club?
uRPF is important. But all the uRPF in the world won't protect you against a little tcp/{22,23,179} SYN aimed at your Force 10 box.
Ya know what I mean?
Hey Paul, would you be able to demonstrate this problem? I'd like to see it so that we can investigate and fix it. You are correct that the first generation of E-Series hardware (EtherScale) had little control plane protection. The current E-Series hardware (TeraScale) has a completely different architecture that rate limits, queues and filters all packets destined to the control plane. Greg* (* I am currently employed by Force10.) -- Greg Hankins <ghankins@mindspring.com>