[15912] in North American Network Operators' Group
Re: Efficient DoS filter
daemon@ATHENA.MIT.EDU (Al Reuben)
Sat Mar 28 21:16:22 1998
Date: Sat, 28 Mar 1998 21:01:53 -0500 (EST)
From: Al Reuben <alex@nac.net>
To: Alex Bligh <amb@gxn.net>
cc: nanog@merit.edu
In-Reply-To: <199803282159.VAA29027@diamond.xara.net>
Why not use loopback0, I thought that was fast switched?
Hasn't this horse been killed by now?
On Sat, 28 Mar 1998, Alex Bligh wrote:
> I think this is an operational issue, at least for those running Cisco.
>
> Having just been hit by 10Mb/s of DoS attack and finding a 75xx has
> difficulty filtering it, here is quite a nice way (assuming we're
> talking a randomized source, single destination attack).
>
> Find your favorite ATM interface (sorry Sean). Set up a sub-interface
> covering the IP address concerned, put in a map-list to the duff
> interface, and put it on a VC that doesn't go anywhere through your
> ATM switch. This way the ATM switch does the filtering.
>
> PLEASE can we have hardware assisted switching to null0: if anyone's
> listening at Cisco? Nothing else would filter this out (no convenient
> LANs nearby, serial type interface just sends the data anyway etc...).
> This would probably work on FR too.
>
> Alex Bligh
> GX Networks (formerly Xara Networks)
>
>
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization.
Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member
Father of the Network and Head Bottle-Washer
Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
Don't choose a spineless ISP! We have more backbone! http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --