[58422] in North American Network Operators' Group
Re: Using Policy Routing to stop DoS attacks
daemon@ATHENA.MIT.EDU (Jeff Kell)
Tue May 13 09:35:33 2003
Date: Tue, 13 May 2003 09:35:00 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: Stefan Mink <mink@schlund.net>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Stefan Mink wrote:
> On Mon, May 12, 2003 at 04:38:30PM +0530, Lars Higham wrote:
>
>>Ya, you configure the next-hop of the source route(s) to discard -
>
> Just if I got this right: on both Juniper and Cisco, if the
> source OR destination address is reachable via [NULL0|Discard],
> the packet gets dropped if RPF is enabled on the interface.
>
> Does this work in loose mode too?

Does it allow for a default route? E.g., can it be defined on the
default interface without a full routing table (so that sources from
other interfaces can be included in the spoof test)?
Jeff
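
A small model of the source check discussed in this thread, added here as an example and not part of either message or of any vendor's code. It assumes that a source whose best route has a discard next hop fails the check in both modes, and it treats the default route as an explicit model parameter; `allow_default`, the interface names and the FIB entries are constructed for illustration.

```python
import ipaddress

DISCARD = "discard"  # stands in for a Null0 / discard next hop

def lookup(fib, addr):
    """Longest-prefix match; returns (network, next_hop) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, next_hop in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def rpf_accepts(fib, src, in_iface, mode="strict", allow_default=False):
    """Model of the RPF source check only; True means the packet passes."""
    hit = lookup(fib, src)
    if hit is None:
        return False                 # no route back to the source at all
    net, next_hop = hit
    if next_hop == DISCARD:
        return False                 # assumption: blackholed source fails in both modes
    if net.prefixlen == 0 and not allow_default:
        return False                 # only the default route covers the source
    if mode == "strict":
        return next_hop == in_iface  # route must point back out the arrival interface
    return True                      # loose: any usable route is enough

# Constructed FIB for a router with one uplink and one customer port.
FIB = {
    "0.0.0.0/0": "uplink0",
    "198.51.100.0/24": "cust1",
    "203.0.113.66/32": DISCARD,      # source being dropped via a discard route
}

if __name__ == "__main__":
    for src, iface, mode, dflt in [
        ("203.0.113.66", "uplink0", "loose", True),
        ("192.0.2.10", "uplink0", "loose", False),
        ("192.0.2.10", "uplink0", "loose", True),
        ("192.0.2.10", "cust1", "strict", True),
    ]:
        print(src, iface, mode, dflt, rpf_accepts(FIB, src, iface, mode, dflt))
```

In this model the discard route still drops its source when the default route is allowed, because the /32 wins the longest-prefix match before the default is considered.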