Efficient DoS filter
Al Reuben
alex at nac.net
Sun Mar 29 02:01:53 UTC 1998
Why not use loopback0, I thought that was fast switched?
Hasn't this horse been killed by now?
On Sat, 28 Mar 1998, Alex Bligh wrote:
> I think this is an operational issue, at least for those running Cisco.
>
> Having just been hit by 10Mb/s of DoS attack and finding a 75xx has
> difficulty filtering it, here is quite a nice way (assuming we're
> talking a randomized source, single destination attack).
>
> Find your favorite ATM interface (sorry Sean). Set up a sub-interface
> covering the IP address concerned, put in a map-list to the duff
> interface, and put it on a VC that doesn't go anywhere through your
> ATM switch. This way the ATM switch does the filtering.
>
> PLEASE can we have hardware assisted switching to null0: if anyone's
> listening at Cisco? Nothing else would filter this out (no convenient
> LANs nearby, serial type interface just sends the data anyway etc...).
> This would probably work on FR too.
>
> Alex Bligh
> GX Networks (formerly Xara Networks)
>
>
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization.
Alex Rubenstein, alex at nac.net, KC2BUO, ISP/C Charter Member
Father of the Network and Head Bottle-Washer
Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
Don't choose a spineless ISP! We have more backbone! http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --