On 7/13/10 11:11 AM, Dobbins, Roland wrote:
On Jul 14, 2010, at 1:02 AM, Matthew Kaufman wrote:
Dangerous in places where forwarding table exceeds hardware cache
limits. (See Code Red worm stories)
During the Code Red/Nimda period (2001), and on into the
Slammer/Blaster/Nachi period (2003), all the routers I personally
know of which were adversely affected were software-based, didn't
make use of ASICs for forwarding.
Having msdp turned on was a great way to get nuked by slammer regardless
of your choice of forwarding technology.
Which reminds me control plane protection is about more than just acls
and rate limiting.
-----------------------------------------------------------------------
Roland Dobbins<rdobb...@arbor.net> //<http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken