codered/nimda blocking

Patrick McManus mcmanus at appliedtheory.com
Tue Nov 6 13:35:04 EST 2001


[Derek D. Martin: Tue, Nov 06, 2001 at 12:59:18PM -0500]

> It seems to me you're completely missing my point.  If my network is
> overloaded, it doesn't matter whether it's with HTTP packets, ICMP

I 'missed your point' because it is a non sequitur from the one that
was asked.

Apparently calling folks you'd never met or interacted with "stupid
and/or lazy" didn't leave you enough time to read the actual question:

"getting hit. Even though they are not vulnerable, the actual load
from the Code Red/Nimda traffic is so high that it is causing
noticeable slowdowns on those portions of our site that use those
servers."

It's a server problem. The problem is not shared on other portions of
the site that are already filtered via load balancer. (The LB is an
application-layer solution, btw.) I read the question.

As far as routers being firewalls, that's just folly meant to be
argumentative. You said: "Granted, they usually have a good bit of
software dedicated to the task which the average router doesn't, but
what's the difference?"  In the context of an ISP's router (again, the
topic at hand), there's a big difference, and I told you what it
was.

And in case it still isn't clear, NBAR still lets a significant portion
of the flow through anyhow (the SYN/SYN-ACK/ACK), which is probably 35%
of the total data flow, and it causes full connection tables
that applications will hate and will result in port number exhaustion
for the kernel.
