[58418] in North American Network Operators' Group
Re: Using Policy Routing to stop DoS attacks
daemon@ATHENA.MIT.EDU (Stefan Mink)
Tue May 13 03:48:36 2003
Date: Tue, 13 May 2003 09:46:50 +0200
From: Stefan Mink <mink@schlund.net>
To: Lars Higham <lhigham@communicationsmanagement.com>
Cc: nanog@merit.edu
In-Reply-To: <006501c31876$d5a31c30$9700a8c0@gs1851>
Errors-To: owner-nanog-outgoing@merit.edu
--7iMSBzlTiPOCCT2k
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, May 12, 2003 at 04:38:30PM +0530, Lars Higham wrote:
> Ya, you configure the next-hop of the source route(s) to discard -
just if I got this right: On both, Juniper and Cisco, if the
source OR destination address is reachable via [NULL0|Discard],=20
the packet gets dropped if RPF is enabled on the interface.
Does this work in loose mode too?
Thanx &&
tschuess
Stefan Mink
--=20
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974 DC3F 7A1B CF62 F0D4 D2BA
--7iMSBzlTiPOCCT2k
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+wKLqehvPYvDU0roRAhkxAKCXlTKhOjAfjzoWE2KrzhfpXXMAgwCcCZZY
QLr2Z7OLm1TXCOuqm/RrcS8=
=q31J
-----END PGP SIGNATURE-----
--7iMSBzlTiPOCCT2k--
