nanog mailing list archives
Re: Using Policy Routing to stop DoS attacks
From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 13 May 2003 09:35:00 -0400
Stefan Mink wrote:
On Mon, May 12, 2003 at 04:38:30PM +0530, Lars Higham wrote:Ya, you configure the next-hop of the source route(s) to discard -just if I got this right: On both, Juniper and Cisco, if thesource OR destination address is reachable via [NULL0|Discard], the packet gets dropped if RPF is enabled on the interface.Does this work in loose mode too?
Does it allow for a default route? e.g., can it be defined on the default interface without a full routing table (so that sources from other interfaces can be included in the spoof test)?
Jeff
Current thread:
- Re: Using Policy Routing to stop DoS attacks Stefan Mink (May 12)
- Re: Using Policy Routing to stop DoS attacks Christopher L. Morrow (May 12)
- Message not available
- Re: Using Policy Routing to stop DoS attacks Stefan Mink (May 13)
- Re: Using Policy Routing to stop DoS attacks Jeff Kell (May 13)
- Re: Using Policy Routing to stop DoS attacks Stefan Mink (May 13)
- <Possible follow-ups>
- RE: Using Policy Routing to stop DoS attacks Christopher L. Morrow (May 13)
- RE: Using Policy Routing to stop DoS attacks Christopher L. Morrow (May 13)