richard@o-matrix.org (Richard) wrote:
Ethernet to the primary upstream. I think that the lesson is _always_ use a router powerful enough to handle all ingress traffic at wire rate. Without access to the router, there is nothing you can do. So we are going to switch out the router.
If you are mostly concerned about not being able to use the router console during attacks, you may change the CPU scheduling a bit. A brief "scheduler allocate 60000 2000" has helped me a lot there. The box stays manageable. This does of course not help you with the router "going dead" in regard to packet forwarding... Yours, Elmi. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>) --------------------------------------------------------------[ ELMI-RIPE ]---