All,
UDP checksum is optional, if the checksum field is 0, there is no checksum.
roel
----- Original Message ----
From: Paul D. Robertson <paul_at_compuwar.net>
To: Firewall Wizards Security Mailing List <firewall-wizards_at_listserv.icsalabs.com>
Sent: Thursday, March 13, 2008 9:43:14 AM
Subject: Re: [fw-wiz] syslog and network management
On Mon, 3 Mar 2008, Darden, Patrick S. wrote:
> UDP is a LOT faster than TCP. No ECC so it uses less cpu, less memory,
> and has less of a memory footprint. If you were dropping a lot of UDP,
> then TCP would not help at all--you would receive less, just more
> reliably.
First, Cisco routers drop UDP on overlaod before they drop TCP, so if your
log server isn't on the same subnet, that may mean TCP is a better choice
if you're getting flooded.
Second, it depends on your buffers with TCP, but at least you'd know on
the receiving end that you're dropping packets. With buffer tuning, you
may be able to withstand flooding the log server and catching up again.
Third, I'm pretty sure the RFCs say that UDP must default to checksumming
packets.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul_at_compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Mar 13 2008
Intro
