RE: Using Policy Routing to stop DoS attacks

From: Jim Deleskie (no email)
Date: Tue Mar 25 2003 - 10:33:43 EST


>If you fooled the router into thinking that the reverse path for the
>source is on another another interface and then used strict unicast RPF
>checking, that may accomplish what you want without using ACLs. I don't
>know what impact it would have on your CPU however, you'll have to
>investigate or provide more details.

However you'd also risk loosing any traffic that was asymmetric in nature.

-Jim








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD