Using Policy Routing to stop DoS attacks

fingers fingers at fingers.co.za
Tue Mar 25 15:19:29 UTC 2003


> uRPF will certainly save a bit of CPU cycles than access-lists or policy
> routing.. it would be interesting to know any kind of 'common practice'
> ways people use to fool the router so that it will think such offensive
> source IP's are hitting uRPF.

null route? even with a loose check, if you implement some kind of
blackhole system, send the miscreant source address to say, 172.1.1.1 and
have 172.1.1 routed to null 0, uRPF should kill any src/dst packets for
the host/block if I'm not mistaken.
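
The blackhole behaviour described in the message above, as an added example that is not part of the original post: a simplified Python model of a router FIB with a loose-mode uRPF check, where a host route for the offending source recurses to 172.1.1.1 and 172.1.1.0/24 points at Null0. The /24 mask, the interface names and the 198.51.100.x / 203.0.113.x addresses are constructed assumptions.

```python
import ipaddress

NULL0 = "Null0"

# Constructed sample FIB: prefix -> next hop (interface name, IP, or Null0).
FIB = {
    "203.0.113.0/24": "Serial0/0",   # assumed customer network
    "198.51.100.0/24": "Serial0/1",  # assumed network containing the offender
    "172.1.1.0/24": NULL0,           # blackhole block from the post (mask assumed)
}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lookup(fib, addr):
    """Longest-prefix match; returns the next hop or None if no route."""
    ip, best = ipaddress.ip_address(addr), None
    for prefix, nh in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def resolve(fib, addr, max_depth=8):
    """Follow recursive next hops until an interface, Null0 or no route."""
    nh = lookup(fib, addr)
    for _ in range(max_depth):
        if nh is None or not is_ip(nh):
            return nh
        nh = lookup(fib, nh)
    return None  # unresolved recursion is treated as no route

def blackhole(fib, host):
    """Install a /32 for the offender pointing at the blackhole next hop."""
    fib[f"{host}/32"] = "172.1.1.1"

def forward(fib, src, dst):
    """Loose uRPF on the source, then a normal destination lookup."""
    if resolve(fib, src) in (None, NULL0):
        return "drop-urpf"      # source has no route or resolves to Null0
    out = resolve(fib, dst)
    if out is None:
        return "drop-noroute"
    return "drop-null" if out == NULL0 else out
```

In this model only the blackholed /32 is affected: other hosts in the same /24 still pass the loose check and are forwarded normally.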


