--===============1823097432==
Content-Type: multipart/alternative; boundary="0-1597150568-1205429605=:81891"

--0-1597150568-1205429605=:81891
Content-Type: text/plain; charset=us-ascii

All,

UDP checksum is optional, if the checksum field is 0, there is no checksum.

roel

----- Original Message ----
From: Paul D. Robertson
To: Firewall Wizards Security Mailing List
Sent: Thursday, March 13, 2008 9:43:14 AM
Subject: Re: [fw-wiz] syslog and network management

On Mon, 3 Mar 2008, Darden, Patrick S. wrote:

> UDP is a LOT faster than TCP. No ECC so it uses less cpu, less memory,
> and has less of a memory footprint. If you were dropping a lot of UDP,
> then TCP would not help at all--you would receive less, just more
> reliably.


First, Cisco routers drop UDP on overlaod before they drop TCP, so if your
log server isn't on the same subnet, that may mean TCP is a better choice
if you're getting flooded.

Second, it depends on your buffers with TCP, but at least you'd know on
the receiving end that you're dropping packets. With buffer tuning, you
may be able to withstand flooding the log server and catching up again.

Third, I'm pretty sure the RFCs say that UDP must default to checksumming
packets.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards






__________________________________________________ __________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
--0-1597150568-1205429605=:81891
Content-Type: text/html; charset=us-ascii

All,

UDP checksum is optional, if the checksum field is 0, there is no checksum.

                      roel

----- Original Message ----
From: Paul D. Robertson <paul@compuwar.net>
To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sent: Thursday, March 13, 2008 9:43:14 AM
Subject: Re: [fw-wiz] syslog and network management

On
Mon,
3
Mar
2008,
Darden,
Patrick
S.
wrote:

>
UDP
is
a
LOT
faster
than
TCP. 
No
ECC
so
it
uses
less
cpu,
less
memory,
>
and
has
less
of
a
memory
footprint. 
If
you
were
dropping
a
lot
of
UDP,
>
then
TCP
would
not
help
at
all--you
would
receive
less,
just
more
>
reliably.

First,
Cisco
routers
drop
UDP
on
overlaod
before
they
drop
TCP,
so
if
your
log
server
isn't
on
the
same
subnet,
that
may
mean
TCP
is
a
better
choice
if
you're
getting
flooded.

Second,
it
depends
on
your
buffers
with
TCP,
but
at
least
you'd
know
on
the
receiving
end
that
you're
dropping
packets. 
With
buffer
tuning,
you
may
be
able
to
withstand
flooding
the
log
server
and
catching
up
again.

Third,
I'm
pretty
sure
the
RFCs
say
that
UDP
must
default
to
checksumming
packets.


Paul
-----------------------------------------------------------------------------
Paul
D.
Robertson 
 
 
"My
statements
in
this
message
are
personal
opinions
aul@compuwar.net" href="mailtoaul@compuwar.net">paul@compuwar.net 
 
 

which
may
have
no
basis
whatsoever
in
fact."
 
 
 
 
 
 

http://www.fluiditgroup.com/blog/pdr/
 
 
 
 
 

Art:
http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards
mailing
list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. http://mobile.yahoo.com/;_ylt=Ahu06i...Dypao8Wcj9tAcJ "> Try it now.
--0-1597150568-1205429605=:81891--

--===============1823097432==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1823097432==--