nanog mailing list archives
Re: Using Policy Routing to stop DoS attacks
From: "Christopher L. Morrow" <chris () UU NET>
Date: Mon, 12 May 2003 20:29:32 +0000 (GMT)
On Mon, 12 May 2003, Stefan Mink wrote:
> On Tue, Mar 25, 2003 at 04:58:59PM +0000, Christopher L. Morrow wrote:
> > you could hold blackhole routes for these destinations in your route
> > table (local or bgp) So long as the destination for the source is bad
> > (null for instance) the traffic would get dropped. I believe the proper
> > terms from cisco for this are: "So long as the adjacency is invalid"
>
> ...is there a way to make this source-blackhole-routing work on J's
> too (does this work with discard-routes too)?
I believe someone from Juniper should likely answer this question :) As I understand the setup from a Cisco perspective (and someone from Cisco can correct me if I get it wrong), uRPF works in such a way that if the source address's destination has an invalid FIB entry (or no entry, or Null0) the packets are dropped. Perhaps Juniper implemented it this way? I have not checked any more closely than this. Sorry. :(
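The drop rule described in the message above (no FIB entry, or a Null0 entry, for the packet's source address) can be modelled in a few lines. This is an added example, not part of the original post and not vendor code: the `Fib` class, function names, next-hop labels and documentation prefixes are all constructed, and the model assumes a table with no default route.

```python
import ipaddress

NULL0 = "Null0"  # discard next hop named in the message

class Fib:
    """Toy longest-prefix-match table (constructed model, not router code)."""

    def __init__(self):
        self.routes = []  # (network, next_hop) pairs

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, addr):
        """Next hop of the most specific covering route, or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net, nh) for net, nh in self.routes if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_permits(fib, src):
    """Loose check: the route back to the source must exist and not be Null0."""
    next_hop = fib.lookup(src)
    return next_hop is not None and next_hop != NULL0

def forward(fib, src, dst):
    """Apply the source check first, then ordinary destination forwarding."""
    if not urpf_permits(fib, src):
        return "drop (uRPF)"
    next_hop = fib.lookup(dst)
    if next_hop is None or next_hop == NULL0:
        return "drop (no route)"
    return f"forward via {next_hop}"

def build_sample_fib():
    """Constructed table using documentation prefixes; no default route."""
    fib = Fib()
    fib.add("198.51.100.0/24", "peer-a")    # network the unwanted traffic comes from
    fib.add("203.0.113.0/24", "customer")   # network being protected
    fib.add("198.51.100.66/32", NULL0)      # blackhole route for one source
    return fib

if __name__ == "__main__":
    fib = build_sample_fib()
    for src in ("198.51.100.10", "198.51.100.66", "192.0.2.9"):
        print(src, "->", forward(fib, src, "203.0.113.5"))
```

The /32 Null0 route wins the longest-prefix match over the covering /24, which is why a single blackhole route for a source is enough to make the source check fail for that address only.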