Using Policy Routing to stop DoS attacks

Rafi Sadowsky rafi-nanog at meron.openu.ac.il
Tue Mar 25 14:33:15 UTC 2003



## On 2003-03-25 09:06 -0500 Christian Liendo typed:

[snip]
CL> 
CL> Depending on the router and the code, if I implement an access-list then 
CL> the CPU utilization shoots through the roof.
CL> What I would like to try and do is use source routing to route that traffic 
CL> to null. I figured it would be easier on the router than an access-list.
CL> 
CL> Has anyone else tried this successfully on ciscos and junipers?
CL> Is it easier on the CPU than access-lists?

Details ?

 Which Cisco router ? IOS ?
 HW/SW/CEF/netflow/<whatver>  "IP switching"  ?

 As you seem to have noticed these "little details" matter ...  

-- 
	Rafi






More information about the NANOG mailing list