Using Policy Routing to stop DoS attacks
Jeff Kell
jeff-kell at utc.edu
Tue May 13 13:35:00 UTC 2003
Stefan Mink wrote:
> On Mon, May 12, 2003 at 04:38:30PM +0530, Lars Higham wrote:
>
>>Ya, you configure the next-hop of the source route(s) to discard -
>
> just if I got this right: On both, Juniper and Cisco, if the
> source OR destination address is reachable via [NULL0|Discard],
> the packet gets dropped if RPF is enabled on the interface.
>
> Does this work in loose mode too?
Does it allow for a default route? e.g., can it be defined on the
default interface without a full routing table (so that sources from
other interfaces can be included in the spoof test)?
Jeff
More information about the NANOG
mailing list