|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Using Policy Routing to stop DoS attacks
> uRPF will certainly save a bit of CPU cycles than access-lists or policy > routing.. it would be intertesting to know any kind of 'common practice' > ways people use to fool the router so that it will think such offensive > source IP's are hitting uRPF. null route? even with a loose check, if you implement some kind of blackhole system, send the miscreant source adress to say, 172.1.1.1 and have 172.1.1 routed to null 0, uRPF should kill any src/dst packets for the host/block if i'm not mistaken.
|