[Dshield] ACL impact on router performance

Guy Barnum GuyBarnum at Armscole.com
Sun Feb 22 00:09:15 GMT 2004


-----Original Message-----
From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
Sent: Thursday, February 19, 2004 2:25 PM
To: list at dshield.org
Subject: [Dshield] ACL impact on router performance

Does anyone have any hard stats on the impact of ACLs on router
performance?
<snip>

I can tell you personally using a CISCO 501 PIX to stop a port 135 scan
originating somewhere on my network basically kills my internet
connection on 1mb broadband.  With that outgoing port blocked it causes
so much overhead I can't browse to a web page from any workstation on
the network.

GLB




More information about the list mailing list