nanog mailing list archives
RE: Using Policy Routing to stop DoS attacks
From: Jim Deleskie <jdeleski () rci rogers com>
Date: Tue, 25 Mar 2003 10:33:43 -0500
If you fooled the router into thinking that the reverse path for the source is on another another interface and then used strict unicast RPF checking, that may accomplish what you want without using ACLs. I don't know what impact it would have on your CPU however, you'll have to investigate or provide more details.
However you'd also risk loosing any traffic that was asymmetric in nature. -Jim
Current thread:
- Re: Using Policy Routing to stop DoS attacks, (continued)
- Re: Using Policy Routing to stop DoS attacks Haesu (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Christian Liendo (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Jack Bates (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Rafi Sadowsky (Mar 25)
- Re: Using Policy Routing to stop DoS attacks John Kristoff (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Haesu (Mar 25)
- Re: Using Policy Routing to stop DoS attacks fingers (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Christopher L. Morrow (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Haesu (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Haesu (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Haesu (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Christopher L. Morrow (Mar 25)
- RE: Using Policy Routing to stop DoS attacks Jim Deleskie (Mar 25)
- RE: Using Policy Routing to stop DoS attacks Christopher L. Morrow (Mar 25)
- Re: Using Policy Routing to stop DoS attacks Andre Chapuis (Mar 28)
- Re: Using Policy Routing to stop DoS attacks Charles H. Gucker (Mar 28)
- Re: Using Policy Routing to stop DoS attacks Christopher L. Morrow (Mar 28)
- Re: Using Policy Routing to stop DoS attacks Petri Helenius (Mar 28)