Using Policy Routing to stop DoS attacks
Jim Deleskie
jdeleski at rci.rogers.com
Tue Mar 25 15:33:43 UTC 2003
>If you fooled the router into thinking that the reverse path for the
>source is on another another interface and then used strict unicast RPF
>checking, that may accomplish what you want without using ACLs. I don't
>know what impact it would have on your CPU however, you'll have to
>investigate or provide more details.
However you'd also risk loosing any traffic that was asymmetric in nature.
-Jim
More information about the NANOG
mailing list