Efficient DoS filter

Alex Bligh amb at gxn.net
Sat Mar 28 21:59:40 UTC 1998


I think this is an operational issue, at least for those running Cisco.

Having just been hit by 10Mb/s of DoS attack and finding a 75xx has
difficulty filtering it, here is quite a nice way (assuming we're
talking a randomized source, single destination attack).

Find your favorite ATM interface (sorry Sean). Set up a sub-interface
covering the IP address concerned, put in a map-list to the duff
interface, and put it on a VC that doesn't go anywhere through your
ATM switch. This way the ATM switch does the filtering.

PLEASE can we have hardware assisted switching to null0: if anyone's
listening at Cisco? Nothing else would filter this out (no convenient
LANs nearby, serial type interface just sends the data anyway etc...).
This would probably work on FR too.

Alex Bligh
GX Networks (formerly Xara Networks)
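For readers who have not built one of these, here is what the sub-interface/map-list trick sketched above looks like as a classic IOS configuration. This is an added illustration, not configuration from Alex's post or from Cisco; the interface name (ATM2/0.99), the VCD (99), the VPI/VCI pair (0/999), the RFC 5737 documentation addresses and the map-list name are all assumed placeholders, and the PVC 0/999 is assumed to be deliberately unconfigured on the ATM switch so that cells sent into it are discarded there rather than on the router.

```cisco
! Added example (hypothetical names and numbers). The idea: route the
! attacked /32 into a PVC that the ATM switch has no matching entry for,
! so the switch discards the cells and the 75xx never has to filter them.
!
! 1. A multipoint sub-interface on a spare ATM port. 192.0.2.0/30 is a
!    documentation prefix used only so the sub-interface has an address.
interface ATM2/0.99 multipoint
 description Blackhole sub-interface for DoS target (assumed)
 ip address 192.0.2.1 255.255.255.252
 no ip redirects
 atm pvc 99 0 999 aal5snap
 map-group blackhole
!
! 2. Map the attacked destination (203.0.113.10 is a placeholder for the
!    victim address) onto VCD 99, the PVC the switch knows nothing about.
map-list blackhole
 ip 203.0.113.10 atm-vc 99
!
! 3. Steer the victim /32 at the blackhole sub-interface. The more
!    specific route wins over the normal route to the victim's subnet.
ip route 203.0.113.10 255.255.255.255 ATM2/0.99
!
! To undo the measure once the attack stops, remove the static route;
! the sub-interface and map-list can stay in place for next time.
```

Two caveats a practitioner would check before relying on this: confirm with `show atm vc` that VCD 99 is up on the router side but absent from the switch's PVC table (otherwise the cells are forwarded somewhere rather than dropped), and remember that, as in the post, this only helps for a single-destination attack; the victim's legitimate traffic is discarded along with the flood for as long as the route is in place.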
