nanog mailing list archives

Re: [Re: Which Part(s) Failed in the recent DOS Attacks?]


From: Richard Steenbergen <ras () above net>
Date: Wed, 9 Feb 2000 23:17:14 -0500


On Tue, Mar 18, 2036 at 03:33:35AM -0700, Toplez Razer wrote:

> Joe,
> Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for
> stopping TCP DOS.  Could these features stop massive TCP DOS attacks?

Not a chance in hell. Anything short of a GSR has problems forwarding or
flat out dropping (surprisingly, oftentimes you get better performance
from CAR than an acl deny) the number of packets/sec. Packet inspection,
especially of the involved nature of TCP Intercept, is totally useless for
attacks of this size. TCP Intercept performance is closer to that of a
unix machine with a protected kernel, it will do better than the original
kernels back in the day when PANIX was DoS'd by dialup-speed floods,
actually it will compete with a very strong unix box running top notch
code that still has to process the SYN and attempt a connection, but that's
still at least an order of magnitude too little...

-- 
Richard A. Steenbergen <ras () above net>  http://users.quadrunner.com/humble
PGP Key ID: 0x60AB0AD1  (E5 35 10 1D DE 7D 8C A7  09 1C 80 8B AF B9 77 BB)
MFN / AboveNet Communications Inc - ISX Network Engineer, Vienna VA


