|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Effective ways to deal with DDoS attacks?
On Thu, 2 May 2002, Richard A Steenbergen wrote: > RPF works by matching the source address of the packet against the CEF > table, in addition to the normal match against the destination address. > There are multiple modes of operation, ranging from "is there a route > for the source address to the specific interface it come in on" to "is > there a route to the source address for ANY interface on the box" The > former is used to stop your single homed customers from spoofing wildly > into the internet. You can do this for multihomed customers to: it's just that multihomed customers can't use it for traffic coming from their transits (= you), because uRPF breaks asymmetric routing.
|