Using Policy Routing to stop DoS attacks

• Previous message (by thread): Using Policy Routing to stop DoS attacks
• Next message (by thread): Using Policy Routing to stop DoS attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 25 Mar 2003 09:06:01 -0500
Christian Liendo <cliendo at globix.com> wrote:

> I am sorry if this was discussed before, but I cannot seem to find
> this. I want to use source routing as a way to stop a DoS rather than
> use access-lists.

If you fooled the router into thinking that the reverse path for the
source is on another another interface and then used strict unicast RPF
checking, that may accomplish what you want without using ACLs.  I don't
know what impact it would have on your CPU however, you'll have to
investigate or provide more details.

Note, depending on the platform and configuration, filters/ACLs may have
an insignficant impact on the CPU.  If they don't, don't forget to
complain to your vendor.  :-)

John

• Previous message (by thread): Using Policy Routing to stop DoS attacks
• Next message (by thread): Using Policy Routing to stop DoS attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]