Using Policy Routing to stop DoS attacks

• Previous message (by thread): Gifts for a CTO who has everything ...
• Next message (by thread): Using Policy Routing to stop DoS attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Looking for advice.

I am sorry if this was discussed before, but I cannot seem to find this.
I want to use source routing as a way to stop a DoS rather than use 
access-lists.

In other words, lets say I know the source IP (range of IPs) of an attack 
and they do not change.

If the destination stays the same I can easily null route the destination, 
but what if the destination constantly changes. So I have to work based on 
the source IP.

Depending on the router and the code, if I implement an access-list then 
the CPU utilization shoots through the roof.
What I would like to try and do is use source routing to route that traffic 
to null. I figured it would be easier on the router than an access-list.

Has anyone else tried this successfully on ciscos and junipers?
Is it easier on the CPU than access-lists?
Is there a link I cannot find on cisco or google?

Thanks
Christian Liendo

• Previous message (by thread): Gifts for a CTO who has everything ...
• Next message (by thread): Using Policy Routing to stop DoS attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]