Using Policy Routing to stop DoS attacks
Rafi Sadowsky
rafi-nanog at meron.openu.ac.il
Tue Mar 25 14:33:15 UTC 2003
## On 2003-03-25 09:06 -0500 Christian Liendo typed:
[snip]
CL>
CL> Depending on the router and the code, if I implement an access-list then
CL> the CPU utilization shoots through the roof.
CL> What I would like to try and do is use source routing to route that traffic
CL> to null. I figured it would be easier on the router than an access-list.
CL>
CL> Has anyone else tried this successfully on ciscos and junipers?
CL> Is it easier on the CPU than access-lists?
Details ?
Which Cisco router ? IOS ?
HW/SW/CEF/netflow/<whatver> "IP switching" ?
As you seem to have noticed these "little details" matter ...
--
Rafi
More information about the NANOG
mailing list