Re: Efficient DoS filter

[Al Reuben <alex () nac net>]

Why not use loopback0, I thought that was fast switched?


Hasn't this horse been killed by now?



On Sat, 28 Mar 1998, Alex Bligh wrote:

> I think this is an operational issue, at least for those running Cisco.
>
> Having just been hit by 10Mb/s of DoS attack and finding a 75xx has
> difficulty filtering it, here is quite a nice way (assuming we're
> talking a randomized source, single destination attack).
>
> Find your favorite ATM interface (sorry Sean). Set up a sub-interface
> covering the IP address concerned, put in a map-list to the duff
> interface, and put it on a VC that doesn't go anywhere through your
> ATM switch. This way the ATM switch foes the filtering.
>
> PLEASE can we have hardware assisted switching to null0: if anyone's
> listening at Cisco? Nothing else would filter this out (no convenient
> LANs nearby, serial type interface just sends the data anyway etc...).
> This would probably work on FR too.
>
> Alex Bligh
> GX Networks (formerly Xara Networks)

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
                  Atheism is a non-prophet organization.

       Alex Rubenstein, alex () nac net, KC2BUO, ISP/C Charter Member
               Father of the Network and Head Bottle-Washer
     Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
 Don't choose a spineless ISP! We have more backbone!  http://www.nac.net
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --