[56972] in North American Network Operators' Group
Re: Using Policy Routing to stop DoS attacks
daemon@ATHENA.MIT.EDU (fingers)
Tue Mar 25 10:20:06 2003
Date: Tue, 25 Mar 2003 17:19:29 +0200 (SAST)
From: fingers <fingers@fingers.co.za>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.33.0303251009310.28569-100000@bkr.towardex.com>
Errors-To: owner-nanog-outgoing@merit.edu
> uRPF will certainly save a bit of CPU cycles than access-lists or policy
> routing.. it would be interesting to know any kind of 'common practice'
> ways people use to fool the router so that it will think such offensive
> source IP's are hitting uRPF.
null route? even with a loose check, if you implement some kind of
blackhole system, send the miscreant source address to say, 172.1.1.1 and
have 172.1.1 routed to null 0, uRPF should kill any src/dst packets for
the host/block if i'm not mistaken.
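
Added example, not part of the original message: a small Python model of the lookup logic the reply describes, where a host route pointing at 172.1.1.1 recurses into a Null0 route and loose uRPF then drops traffic sourced from that host. The `Fib` class, the helper names, the /24 length for "172.1.1", and the 198.51.100.0/24 and 203.0.113.0/24 addresses are constructed assumptions; it models routing behaviour and is not router configuration.

```python
import ipaddress

NULL0 = "Null0"

class Fib:
    """Toy forwarding table: longest-prefix match plus recursive next hops."""
    def __init__(self):
        self.routes = []                      # (network, interface-or-next-hop)

    def add(self, prefix, target):
        self.routes.append((ipaddress.ip_network(prefix), target))

    def resolve(self, addr, depth=8):
        """Return the egress interface for addr, or None if unroutable."""
        for _ in range(depth):
            ip = ipaddress.ip_address(addr)
            hits = [r for r in self.routes if ip in r[0]]
            if not hits:
                return None
            target = max(hits, key=lambda r: r[0].prefixlen)[1]
            try:
                ipaddress.ip_address(target)  # next hop is an IP: recurse
            except ValueError:
                return target                 # next hop is an interface name
            addr = target
        return None

def forward(fib, src, dst):
    """Loose uRPF on the source, then a normal destination lookup."""
    if fib.resolve(src) in (None, NULL0):
        return "drop: uRPF (source)"
    out = fib.resolve(dst)
    if out in (None, NULL0):
        return "drop: Null0 or no route (destination)"
    return "forward via " + out

def build_fib():
    fib = Fib()
    fib.add("198.51.100.0/24", "Eth0")        # constructed: local customers
    fib.add("203.0.113.0/24", "Serial0")      # constructed: upstream prefix
    fib.add("172.1.1.0/24", NULL0)            # "172.1.1 routed to null 0" (/24 assumed)
    return fib

def blackhole(fib, host):
    """Send the host to 172.1.1.1, as the post describes."""
    fib.add(host + "/32", "172.1.1.1")

if __name__ == "__main__":
    fib = build_fib()
    blackhole(fib, "203.0.113.66")            # constructed miscreant address
    print(forward(fib, "203.0.113.66", "198.51.100.10"))
    print(forward(fib, "198.51.100.10", "203.0.113.66"))
```

Only the /32 is affected: other hosts in the same covering prefix still resolve to a real interface and pass the loose check.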