On 7/13/10 11:11 AM, Dobbins, Roland wrote:
On Jul 14, 2010, at 1:02 AM, Matthew Kaufman wrote:
Dangerous in places where forwarding table exceeds hardware cache limits. (See Code Red worm stories)
During the Code Red/Nimda period (2001), and on into the Slammer/Blaster/Nachi period (2003), all the routers I personally know of which were adversely affected were software-based, didn't make use of ASICs for forwarding.
Having msdp turned on was a great way to get nuked by slammer regardless of your choice of forwarding technology. Which reminds me control plane protection is about more than just acls and rate limiting.
-----------------------------------------------------------------------
Roland Dobbins<rdobbins@arbor.net> //<http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken