North American Network Operators Group


Re: SYN spoofing

  • From: Daniel Senie
  • Date: Tue Aug 03 12:53:56 1999

I wonder if any of the Cisco experts could comment on an idea for
removing bogons from the core...

Questions:

- do folks use Cisco's policy routing capabilities on their
  routers? core routers?

- does the use of policy routing significantly affect performance
  in the core?

The thought is that using the policy routing capabilities of IOS, it appears
possible to separate out traffic matching certain characteristics,
including source addresses. If packets with bogus source addresses can
be so identified, the policy routing could route these to null0.

I don't know how Cisco did their implementation of this feature. It's
certainly possible to construct hardware which does source IP address
matching in hardware looking for bogons, by the same methods used to do
destination address matching (a.k.a. routing table lookups).

-- 
-----------------------------------------------------------------
Daniel Senie                                        [email protected]
Amaranth Networks Inc.            http://www.amaranthnetworks.com
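
The idea in the message above, sketched in IOS policy-routing syntax as an added example; it is not part of the original post and not a configuration from the author or from Cisco. The ACL number, route-map name, interface name and the short prefix list (RFC 1918 space, loopback, 0.0.0.0/8) are assumptions chosen for illustration.

```cisco
! Added illustration: ACL 150, DROP-BOGON-SRC and Serial0 are hypothetical names.
!
! 1. Classify on SOURCE address. An extended ACL is needed because the
!    match is "source = bogon, destination = anything".
access-list 150 permit ip 0.0.0.0     0.255.255.255 any
access-list 150 permit ip 10.0.0.0    0.255.255.255 any
access-list 150 permit ip 127.0.0.0   0.255.255.255 any
access-list 150 permit ip 172.16.0.0  0.15.255.255  any
access-list 150 permit ip 192.168.0.0 0.0.255.255   any
!
! 2. Policy: packets permitted by ACL 150 are sent to the Null0 interface,
!    i.e. discarded. Packets that match no route-map entry are not
!    policy-routed and follow the normal destination-based routing table.
route-map DROP-BOGON-SRC permit 10
 match ip address 150
 set interface Null0
!
! 3. Policy routing acts on packets RECEIVED on the interface where it is
!    applied, so the route-map goes on each ingress interface to be filtered.
interface Serial0
 ip policy route-map DROP-BOGON-SRC
!
! Verification on the router:
!   show route-map DROP-BOGON-SRC     (per-entry policy-routing match counters)
!   show ip policy                    (which interfaces have which route-map)
```

The match counters from `show route-map` give a count of packets arriving with bogus sources on that interface, which is useful for gauging how much such traffic is present before and after deploying the filter.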