[27377] in North American Network Operators' Group
Re: Cisco - ip verify unicast reverse-path
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Mon Feb 14 20:14:50 2000
Message-Id: <4.2.2.20000214201116.00a58d30@lint.cisco.com>
Date: Mon, 14 Feb 2000 20:12:12 -0500
To: "Alberto U. Begliomini" <aub@coldstone.com>
From: Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <38A8A0AD.978273DD@coldstone.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
At 04:41 PM 02/14/2000 -0800, Alberto U. Begliomini wrote:
>If I limit the SYN traffic to 8kbs to host 10.0.0.1 like in the example, I have
>a DoS right there. Let's say the host I am CAR SYN is a web server instead,
>then an attacker just needs to send 8kps of SYN traffic to prevent any useful
>access to my web server. Or am I missing something here?
The important thing to take away from this example is that
you have a tool to rate-limit traffic. How you set the thresholds
is an exercise for the reader. :-)
- paul
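As an added illustration of the threshold trade-off the two posts above argue about (my own model, not code from the thread or from Cisco): a token bucket standing in for a CAR-style SYN limit, run with a legitimate SYN stream and a hostile one sharing the same bucket. It assumes the limit is a bits-per-second rate, a 40-byte SYN, a burst of one second's worth of tokens, evenly spaced arrivals, and that the attacker wins simultaneous arrivals; the function names are mine.

```python
"""Token-bucket model of a CAR-style SYN rate limit (added illustration).

Assumptions (mine, not from the thread): the limit is a bits-per-second rate,
every SYN is 40 bytes (20-byte IP + 20-byte TCP header, no options), the bucket
holds one second's worth of tokens, and the attacker wins arrival ties.
"""

SYN_BITS = 40 * 8


def syn_budget(rate_bps, syn_bits=SYN_BITS):
    """SYN packets per second a bits-per-second limit admits in steady state."""
    return rate_bps // syn_bits


def admitted_fraction(rate_bps, attacker_pps, legit_pps, seconds=10,
                      burst_bits=None, syn_bits=SYN_BITS):
    """Fraction of legitimate SYNs that pass the limiter while an attacker's
    SYN stream drains the same bucket (1.0 means nothing legitimate dropped)."""
    burst = rate_bps if burst_bits is None else burst_bits
    tokens = float(burst)
    refill_per_ms = rate_bps / 1000.0

    def stream(pps, tag):
        # Evenly spaced arrival times (milliseconds) for one sender.
        if pps <= 0:
            return []
        step = 1000.0 / pps
        return [(i * step, tag) for i in range(int(pps * seconds))]

    # Tag 0 = attacker, 1 = legitimate; sorting puts the attacker first on ties.
    arrivals = sorted(stream(attacker_pps, 0) + stream(legit_pps, 1))
    last_t = 0.0
    legit_seen = legit_ok = 0
    for t, tag in arrivals:
        tokens = min(burst, tokens + (t - last_t) * refill_per_ms)
        last_t = t
        ok = tokens >= syn_bits
        if ok:
            tokens -= syn_bits
        if tag == 1:
            legit_seen += 1
            legit_ok += ok
    return legit_ok / legit_seen if legit_seen else 1.0


if __name__ == "__main__":
    rate = 8000  # the 8 kbps figure from the thread
    print(f"{rate} bps admits about {syn_budget(rate)} SYN/s")
    for attacker in (0, syn_budget(rate), 4 * syn_budget(rate)):
        share = admitted_fraction(rate, attacker, 5)
        print(f"attacker {attacker:4d} SYN/s, legit 5 SYN/s -> {share:.0%} admitted")
```

At 8 kbps the bucket admits roughly 25 SYN/s, so a hostile stream of only a few times that rate leaves almost nothing for legitimate clients; raising the rate, or limiting per source rather than per destination, is where the "exercise for the reader" lives.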