On Sun, Feb 21, 2010 at 08:05:39PM +0100, Pete Vickers wrote:
> Hi,
>
> I think you misunderstand me, I was not trying to argue that Cisco's firewall
> offerings are any better or worse than OpenBSD based solutions. I was merely
> pointing out that:
>
> - A _correctly_configured_ Cisco 6500/7600 SUP is not vulnerable to "a few
> Mbps of multicast traffic" as alleged by claudio. (unless someone has a new
> non-disclosed attack).

It is good that you highlight _correctly_configured_. Cisco's default settings will not protect the SUP and even experts struggle with correctly configuring them. This is why secure by default matters.

>
> - 6500/7600 can do HW stateful FWing, e.g. FWSM (which is not a line card),
> but which is obviously a different budget than a PC running OpenBSD.
>

This is a special module that costs about $15k and is capable of handling 5Gbps traffic according to the Cisco homepage. Honestly for $15k you can get an OpenBSD system that can handle a similar amount of traffic.

--
:wq Claudio