[56973] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: Using Policy Routing to stop DoS attacks

daemon@ATHENA.MIT.EDU (Jim Deleskie)
Tue Mar 25 10:34:56 2003

From: Jim Deleskie <jdeleski@rci.rogers.com>
To: "'jtk@aharp.is-net.depaul.edu'" <jtk@aharp.is-net.depaul.edu>,
	nanog@merit.edu
Date: Tue, 25 Mar 2003 10:33:43 -0500
Errors-To: owner-nanog-outgoing@merit.edu




>If you fooled the router into thinking that the reverse path for the
>source is on another another interface and then used strict unicast RPF
>checking, that may accomplish what you want without using ACLs.  I don't
>know what impact it would have on your CPU however, you'll have to
>investigate or provide more details.


However you'd also risk loosing any traffic that was asymmetric in nature.


-Jim


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[56973] in North American Network Operators' Group

RE: Using Policy Routing to stop DoS attacks

daemon@ATHENA.MIT.EDU (Jim Deleskie)Tue Mar 25 10:34:56 2003

daemon@ATHENA.MIT.EDU (Jim Deleskie)
Tue Mar 25 10:34:56 2003