Efficient DoS filter

Al Reuben alex at nac.net
Sun Mar 29 02:01:53 UTC 1998



Why not use loopback0, I thought that was fast switched?


Hasn't this horse been killed by now?



On Sat, 28 Mar 1998, Alex Bligh wrote:

> I think this is an operational issue, at least for those running Cisco.
> 
> Having just been hit by 10Mb/s of DoS attack and finding a 75xx has
> difficulty filtering it, here is quite a nice way (assuming we're
> talking a randomized source, single destination attack).
> 
> Find your favorite ATM interface (sorry Sean). Set up a sub-interface
> covering the IP address concerned, put in a map-list to the duff
> interface, and put it on a VC that doesn't go anywhere through your
> ATM switch. This way the ATM switch does the filtering.
> 
> PLEASE can we have hardware assisted switching to null0: if anyone's
> listening at Cisco? Nothing else would filter this out (no convenient
> LANs nearby, serial type interface just sends the data anyway etc...).
> This would probably work on FR too.
> 
> Alex Bligh
> GX Networks (formerly Xara Networks)
> 
> 

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
                  Atheism is a non-prophet organization.

       Alex Rubenstein, alex at nac.net, KC2BUO, ISP/C Charter Member
               Father of the Network and Head Bottle-Washer
     Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
 Don't choose a spineless ISP! We have more backbone!  http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --





