Re: Re[2]: SYN floods (was: does history repeat itself?)
On Sep 10, 2:07pm, Alexis Rosen wrote:
Subject: Re: Re[2]: SYN floods (was: does history repeat itself?)
Also true. As I said before, I don't know about the Ascends, but I do know that the Xylogics boxes we use have the capability but probably not the capacity. When all ports are connected at 28.8, CPU usage can hover in the high 80% range. Adding filters would probably be a bad idea.
That's why I was talking about filtering at a router just upstream from the dial-access box.
FWIW, even with a thousand very busy modems, I'm pretty sure that even a small cisco is up to the job. They just don't generate all that much traffic.
-- End of excerpt from Alexis Rosen
The Ascends can also do this but I agree that you wouldn't want to filter at the NAS. Logistical reasons are reason enough to filter at an upstream router where the dialup traffic is aggregated. -- Sharif Torpis (storpis@pbi.net) \ | / P A C I F I C Pacific Bell Internet -->*<-- B E L L Network Engineering / | \ I N T E R N E T San Francisco, CA USA
Sharif Torpis writes:
The Ascends can also do this but I agree that you wouldn't want to filter at the NAS. Logistical reasons are reason enough to filter at an upstream router where the dialup traffic is aggregated.
On top of that, from what I've heard about Ascend's software, I'd rather use cisco's filters, since thier software is better. Alec -- +------------------------------------+--------------------------------------+ |Alec Peterson - chuckie@panix.com | Panix Public Access Internet and UNIX| |Network Administrator/Architect | New York City, NY | +------------------------------------+--------------------------------------+
participants (2)
-
Alec H. Peterson -
Sharif Torpis