On 10 Jun 2001 11:59:22 -0700, R B wrote:
> But seriously, while the Captus box may keep that from making the leap from
> my CSU to network, what good is it if my T1's are saturated? I'm running
> GigE internally; why do I care about 3 or 4 Mbits of traffic, DoS or not?
>
> Yes, we definetely require an upstream solution of some kind. If I could
> just shut off traffic *floods* before they reach my T1's.....
You may find that advanced QoS protocols in newer routers (or OS
kernels) will allow you to avoid many DOS attacks by using various
fairness algorithms that don't allow one type of traffic and/or one
source address to get more than its "fair" share of your bandwidth.
This doesn't work against well-orchestrated Distributed DOS attacks,
yet.
--
Michael T. Babcock
CTO, FibreSpeed
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
