nanog mailing list archives
RE: Effective ways to deal with DDoS attacks?
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Thu, 2 May 2002 18:58:06 +0200 (CEST)
On Thu, 2 May 2002, LeBlanc, Jason wrote:
There are some limitations as to where uRPF works, SONET only on GSRs for example (thanks Cisco). I believe it will work on 65xx (SUP1A and SUP2 I think) regardless of interface type. Impact should be minimal, as it simply does a lookup in the CEF table, if the route isn't there it discards.
It can do much more. You can use it to get rid spoofed source addresses from customers and peers without the need to maintain large access lists.
lookup, much more efficient than a filter. This will get rid of a HUGE percentage of spoofed packets that hit your network,
If you just filter out anything that's not in the routing table, that's about half the address space and it only works if the spoofers are stupid. When you're looking at pure bandwidth that's still helpful, but it doesn't really solve anything. However, You can use unicast RPF as a very efficient source address filter, by routing addresses to the null interface. This way you can get rid of huge amounts of unwanted sources in a very clean way. As long as we're asking for features: what I would like is a unicast RPF check that allows everything that isn't routed to the null interface. And of course unicast RPF period for all vendors who aren't Cisco.
Current thread:
- Re: Effective ways to deal with DDoS attacks?, (continued)
- Re: Effective ways to deal with DDoS attacks? Kurt Erik Lindqvist (May 06)
- RE: Effective ways to deal with DDoS attacks? LeBlanc, Jason (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? Hank Nussbacher (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? E.B. Dreger (May 02)
- Re: Effective ways to deal with DDoS attacks? E.B. Dreger (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? Rubens Kuhl Jr. (May 03)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- RE: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 02)
- Re: Effective ways to deal with DDoS attacks? Mark Turpin (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 02)
- RE: Effective ways to deal with DDoS attacks? Barry Raveendran Greene (May 03)
- Re: Effective ways to deal with DDoS attacks? Stephen Griffin (May 03)
- Re: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 03)
- /31 mask address Toan Do (May 03)
- Re: /31 mask address Simon Lockhart (May 03)
- Re: /31 mask address Andre Chapuis (May 03)