Re: 3.6 squid/pf performance tested

From: Karsten McMinn (tenyougmail.com)
Date: Fri Jan 28 2005 - 12:21:44 CST


Sure. The iptables box was an old AMD K6-300 processor, 2.2 kernel;
the iptables distro wasn't a new one, I know that.

The Cisco platform was a 7204, NPE400, running 12.2(18)s, using
Cisco's NBAR code to catch requests and police/ratelimit them.

-k

On Fri, 28 Jan 2005 09:39:36 -0500, MikeM <zlistsmgm51.com> wrote:
> On 1/27/2005 at 11:16 AM Karsten McMinn wrote:
>
> |I've returned to misc. Passing on some information for those that deem
> |it useful. I've been using OpenBSD since 2.9 for many things. I also
> |use it in the enterprise for services at an ISP. Recently we had
> |a small domain attract a very large-scale DDoS. I nominated
> |OpenBSD+squid/pf for the job. Stripped kernel, squid compiled
> |transparent with a large number of file descriptors, 2 NICs running in
> |bridge mode, separate webserver behind one of the NICs.
> |
> |[snip]
> |
> |This machine is an old Dell Optiplex recovered to do a job where
> |iptables and the best of Cisco IOS firewall features couldn't keep up.
> =============
>
> Can you give more info on the box that ran iptables (CPU, memory), and which
> model Cisco firewalls couldn't keep up?
>
> Thanks.