[56966] in North American Network Operators' Group
Using Policy Routing to stop DoS attacks
daemon@ATHENA.MIT.EDU (Christian Liendo)
Tue Mar 25 09:08:36 2003
Date: Tue, 25 Mar 2003 09:06:01 -0500
To: nanog@merit.edu
From: Christian Liendo <cliendo@globix.com>
Errors-To: owner-nanog-outgoing@merit.edu
Looking for advice.
I am sorry if this was discussed before, but I cannot seem to find this.
I want to use source routing as a way to stop a DoS rather than use
access-lists.
In other words, let's say I know the source IP (range of IPs) of an attack
and they do not change.
If the destination stays the same I can easily null route the destination,
but what if the destination constantly changes? So I have to work based on
the source IP.
Depending on the router and the code, if I implement an access-list then
the CPU utilization shoots through the roof.
What I would like to try and do is use source routing to route that traffic
to null. I figured it would be easier on the router than an access-list.
Has anyone else tried this successfully on Ciscos and Junipers?
Is it easier on the CPU than access-lists?
Is there a link I cannot find on Cisco or Google?
Thanks
Christian Liendo
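The two Cisco IOS ways of null-routing by source that the question is about, written out as an added illustration that is not part of the original post. The source range 192.0.2.0/24 and the interface name GigabitEthernet0/0 are placeholders, and the commands are standard IOS syntax rather than anything taken from the thread.

```cisco
! Added example, not from the original post. Placeholders:
!   192.0.2.0/24        - the attacking source range
!   GigabitEthernet0/0  - the interface the attack enters on
!
! --- Variant 1: policy-based routing (what the post proposes) ---
! PBR still needs the source range named in an ACL; the route-map only
! changes what happens on a match (forward to Null0) instead of denying
! in an interface ACL.
ip access-list extended DOS-SOURCES
 permit ip 192.0.2.0 0.0.0.255 any
!
! Matched packets go to Null0; unmatched packets fall through to
! normal destination-based forwarding because there is no other sequence.
route-map DROP-ATTACK permit 10
 match ip address DOS-SOURCES
 set interface Null0
!
interface GigabitEthernet0/0
 ip policy route-map DROP-ATTACK
!
! --- Variant 2: source-based null route with loose-mode uRPF ---
! Instead of classifying with an ACL, install a route for the source
! range to Null0 and turn on loose uRPF on the ingress interface.
! A source whose best route points at Null0 fails the uRPF check and is
! dropped in the forwarding path, with no ACL or route-map to evaluate.
ip route 192.0.2.0 255.255.255.0 Null0
!
interface GigabitEthernet0/0
 ip verify unicast source reachable-via any
```

The practical difference is where the work happens. Variant 1 still performs an ACL match per packet, and on IOS releases that process-switch policy-routed traffic it can cost more CPU than a plain interface ACL, not less. Variant 2 pushes the decision into the normal forwarding lookup, and adding or removing a source range is a single static route, which is why it became the usual answer to the "destination keeps changing" problem.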