RE: Using Policy Routing to stop DoS attacks

From: Jim Deleskie (no email)
Date: Tue Mar 25 2003 - 10:33:43 EST

• Next message: Rob Thomas: "ASN allocation update"
• Previous message: fingers: "Re: Using Policy Routing to stop DoS attacks"
• Maybe in reply to: Christian Liendo: "Using Policy Routing to stop DoS attacks"
• Next in thread: Christopher L. Morrow: "Re: Using Policy Routing to stop DoS attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>If you fooled the router into thinking that the reverse path for the
>source is on another another interface and then used strict unicast RPF
>checking, that may accomplish what you want without using ACLs. I don't
>know what impact it would have on your CPU however, you'll have to
>investigate or provide more details.

However you'd also risk loosing any traffic that was asymmetric in nature.

-Jim

• Next message: Rob Thomas: "ASN allocation update"
• Previous message: fingers: "Re: Using Policy Routing to stop DoS attacks"
• Maybe in reply to: Christian Liendo: "Using Policy Routing to stop DoS attacks"
• Next in thread: Christopher L. Morrow: "Re: Using Policy Routing to stop DoS attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]