[56978] in North American Network Operators' Group
Re: Using Policy Routing to stop DoS attacks
daemon@ATHENA.MIT.EDU (Haesu)
Tue Mar 25 12:28:26 2003
Date: Tue, 25 Mar 2003 12:27:59 -0500 (EST)
From: Haesu <haesu@towardex.com>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: <jtk@aharp.is-net.depaul.edu>, <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.33.0303251654050.16800-100000@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
> >
> > i am not really sure what kind of traffic we are talking about,
> > but if its around 100Mbits/sec or so bandwidth, TurboACL should do it just
> > fine (around ~20% or lower CPU usage on a 7206VXR with NPE-G1)
>
> most likely the pps would kill the 5500 long before the bps :( especially
> if you want to route/acl it.
Yeah, you're right. For that "100Mbits/sec" bps I mentioned, the pps at
that rate was around 20,000 pps inbound as well as 18,000 pps outbound.
-hc
>
> >
> > -hc
> >
> > On Tue, 25 Mar 2003, John Kristoff wrote:
> >
> > >
> > > On Tue, 25 Mar 2003 09:06:01 -0500
> > > Christian Liendo <cliendo@globix.com> wrote:
> > >
> > > > I am sorry if this was discussed before, but I cannot seem to find
> > > > this. I want to use source routing as a way to stop a DoS rather than
> > > > use access-lists.
> > >
> > > If you fooled the router into thinking that the reverse path for the
> > > source is on another interface and then used strict unicast RPF
> > > checking, that may accomplish what you want without using ACLs. I don't
> > > know what impact it would have on your CPU however, you'll have to
> > > investigate or provide more details.
> > >
> > > Note, depending on the platform and configuration, filters/ACLs may have
> > > an insignificant impact on the CPU. If they don't, don't forget to
> > > complain to your vendor. :-)
> > >
> > > John
> > >
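The technique John describes above, a static route that moves the attack source's "reverse path" off the ingress interface so that strict unicast RPF drops it in the forwarding path, written out as an added Cisco IOS configuration example. This is not configuration from any poster in the thread; the interface name, the description text and the 192.0.2.0/24 source prefix are placeholders, and the exact command syntax and `show` output vary by IOS release and platform.

```cisco
! Added illustrative configuration, not from the thread.
! Placeholders: GigabitEthernet0/1 (attack ingress), 192.0.2.0/24 (attack source).
!
! 1. Give the attack-source prefix a "reverse path" that is not the ingress
!    interface. A route to Null0 does this. Side effect: the router will also
!    drop anything it is asked to forward *to* that prefix.
ip route 192.0.2.0 255.255.255.0 Null0
!
! 2. Enable strict unicast RPF on the interface the attack arrives on.
!    Each packet's source address is looked up in the FIB; if the best route
!    does not point back out this same interface (a Null0 route never does),
!    the packet is dropped by the forwarding path without any ACL lookup.
interface GigabitEthernet0/1
 description upstream / attack ingress (placeholder)
 ip verify unicast source reachable-via rx
!
! 3. Confirm the drops are happening and being counted:
!   show ip interface GigabitEthernet0/1 | include verif
!   show ip traffic | include RPF
```

Two caveats a practitioner would check before relying on this: strict mode (`reachable-via rx`) also drops legitimate traffic that arrives over a path other than the one the router would use to reach its source, so on a multi-homed or asymmetrically routed edge the loose form (`reachable-via any`) is the usual choice; it still drops sources whose best route is Null0 while tolerating asymmetry. Second, on platforms where uRPF is done in hardware or in the fast path, the CPU cost is that of one extra FIB lookup per packet, which is what John's remark about filters having an insignificant CPU impact is getting at; on a box that does it in software the pps, not the bps, is still the number to watch.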