Using Policy Routing to stop DoS attacks

Jeff Kell jeff-kell at utc.edu
Tue May 13 13:35:00 UTC 2003


Stefan Mink wrote:
> On Mon, May 12, 2003 at 04:38:30PM +0530, Lars Higham wrote:
> 
>>Ya, you configure the next-hop of the source route(s) to discard -
> 
> just if I got this right: On both, Juniper and Cisco, if the
> source OR destination address is reachable via [NULL0|Discard], 
> the packet gets dropped if RPF is enabled on the interface.
> 
> Does this work in loose mode too?

Does it allow for a default route?  e.g., can it be defined on the 
default interface without a full routing table (so that sources from 
other interfaces can be included in the spoof test)?

Jeff




