Re: DDOS Attack Mitigation

From: Carson Gaspar (carsonat_private)
Date: Tue Feb 15 2000 - 16:03:58 PST


    >>>>> "Alan" == Alan Brown <alanat_private> writes:
    
    Alan> On Sun, 13 Feb 2000, Darren Reed wrote:
    >> You know if anyone was of a mind to find someone at fault over this,
    >> I'd start pointing the finger at ISP's who haven't been doing this
    >> due to "performance reasons".
    
    Alan> To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max
    Alan> 4000), they will collapse under the load.
    
    What!? What did you try, applying ACLs to every modem line?
    
    A _sufficient_ defense is to apply an outbound access list on the
    network interface of the terminal server, permitting sources of all subnets
    served by that terminal server and denying all other source IP
    addresses. This is a _very_ small ACL, and it's fast-path. If that's enough
    to cause the router to collapse, it had zero headroom to start with, and was
    about to become a boat anchor.
    
    --
    Carson Gaspar -- carsonat_private carsonat_private carsonat_private
    http://www.cs.columbia.edu/~carson/home.html
    Queen Trapped in a Butch Body
    
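    The filter Carson describes, worked through as an added example (not part of the original post): permit outbound packets whose source address falls inside a subnet the terminal server actually serves, deny every other source. The script renders that policy as a Cisco IOS numbered extended ACL (IOS takes wildcard masks, which `ipaddress` exposes as `hostmask`) and then applies the same policy to a handful of packets. The subnets, the interface name `Ethernet0`, and the packets are constructed sample values, not from any real deployment.

```python
"""Egress source-address filter for a terminal server.

Added example, not code from the original post.  Served subnets, the
interface name, and the sample packets are constructed values drawn from
the RFC 5737 documentation ranges.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Subnets whose addresses are handed out to dial-up customers on this box.
# Constructed example values.
SERVED_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]


def build_ios_acl(served: Iterable[ipaddress.IPv4Network], number: int = 101) -> List[str]:
    """Render the policy as a Cisco IOS numbered extended ACL.

    One permit entry per served subnet, then deny everything else.  IOS
    already has an implicit deny at the end of every ACL; writing it out
    makes the intent visible when someone reads the config later.
    """
    lines = []
    for net in served:
        # net.hostmask is the inverse mask IOS expects (e.g. 0.0.0.255 for a /24)
        lines.append(f"access-list {number} permit ip {net.network_address} {net.hostmask} any")
    lines.append(f"access-list {number} deny ip any any")
    return lines


def bind_outbound(ifname: str, number: int = 101) -> List[str]:
    """Interface stanza applying the ACL in the outbound direction, i.e. on
    the terminal server's network (uplink) interface, not per modem line."""
    return [f"interface {ifname}", f" ip access-group {number} out"]


def outbound_verdict(src: str, served: Iterable[ipaddress.IPv4Network]) -> str:
    """'permit' if src belongs to a served subnet, otherwise 'deny'."""
    addr = ipaddress.ip_address(src)
    return "permit" if any(addr in net for net in served) else "deny"


def filter_packets(packets: Iterable[Tuple[str, str]],
                   served: Iterable[ipaddress.IPv4Network]) -> List[Tuple[str, str, str]]:
    """Apply the policy to (src, dst) pairs; return (src, dst, verdict) triples."""
    served = list(served)
    return [(s, d, outbound_verdict(s, served)) for s, d in packets]


# Constructed sample traffic: two legitimate customers, two spoofed sources.
SAMPLE_PACKETS = [
    ("192.0.2.17", "203.0.113.5"),
    ("198.51.100.9", "203.0.113.5"),
    ("10.0.0.1", "203.0.113.5"),         # private source, never assigned here
    ("198.51.100.200", "203.0.113.5"),   # same /24, but outside the served /25
]

if __name__ == "__main__":
    for line in build_ios_acl(SERVED_SUBNETS) + bind_outbound("Ethernet0"):
        print(line)
    for src, dst, verdict in filter_packets(SAMPLE_PACKETS, SERVED_SUBNETS):
        print(f"{src:>16} -> {dst:<14} {verdict}")
```

    The resulting ACL has one entry per served prefix plus the final deny, which is the "very small" list the post refers to. The `log` keyword is deliberately left off the deny entry: on classic IOS, logged matches are handled off the fast path, which would reintroduce exactly the CPU cost the thread is arguing about.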
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:35:31 PDT