codered/nimda blocking
Patrick McManus
mcmanus at appliedtheory.com
Tue Nov 6 13:35:04 EST 2001
[Derek D. Martin: Tue, Nov 06, 2001 at 12:59:18PM -0500]
> It seems to me you're completely missing my point. If my network is
> overloaded, it doesn't matter whether it's with HTTP packets, ICMP
I 'missed your point' because it is a non-sequitr from the one that
was asked.
apparently calling folks you'd never met or interacted with "stupid
and/or lazy" didn't leave you enough time to read the actual question:
"getting hit. Even though they are not vulnerable, the actual load
from the Code Red/Nimda traffic is so high that it is causing
noticeable slowdowns on those portions of our site that use those
servers."
Its a server problem. The problem is not shared on other portions of
the site that are already filtered via load balancer. (the lb is an
application layer solution btw.) I read the question.
as far as routers being firewalls that's just folly meant to be
argumentative. you said " Granted, they usually have a good bit of
software dedicated to the task which the average router doesn't, but
what's the difference?" In the context of an ISPs router (again, the
topic at hand), there's a big difference and and I told you what it
was.
and in case it still isn't clear, NBAR still lets a significant portion
of the flow through anyhow (the syn/syn-ack/ack) which is probably 35%
of the total data flow.. and it causes full connection tables
that applications will hate and will result in port number exhaustion
for the kernel.
More information about the Discuss
mailing list