nanog mailing list archives
Re: Effective ways to deal with DDoS attacks?
From: Eric Gauthier <eric () roxanne org>
Date: Thu, 2 May 2002 13:25:25 -0400
http://www.cisco.com/warp/public/707/newsflash.html

There are some limitations as to where uRPF works, SONET only on GSRs for example (thanks Cisco). I believe it will work on 65xx (SUP1A and SUP2 I think) regardless of interface type. Impact should be minimal, as it simply does a lookup in the CEF table; if the route isn't there it discards.
We're running 6509's - both Sup1a and Sup2 - with 10, 100, and GigE links in a large campus environment. We did have some problems with the Sup2's running hybrid code, but the Sup1a's were fine. When we switched over to native IOS about six months ago, both the Sup1a's and Sup2's handled it without a problem or performance hit, even on some of our campus Gigabit links.

It's a nice feature but, as someone already pointed out, it's based on routing table entries so there is NO PROTECTION if someone on a subnet is spoofing the IP of another system on the same subnet. Having said that, we use it more so that we can quickly track the source of an attack if it's originating on our network rather than as a means to protect ourselves from the big, bad Internet. Once we know the source, we know for sure what router interface it's originating from, so we just start snooping traffic from that interface to find the offending MAC and go from there...

Another limitation that we've found with uRPF is that it doesn't live well with multihomed systems (i.e. a host with two NICs - each on a different subnet) because of the way most OSes handle their default gateways.

For anyone who is interested in our experience, drop me a note off list. If you have a solution for this multihoming problem, PLEASE email me off-list.

Eric :)
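The behaviour discussed in this message, as an added example that is not part of the original post: a small Python model of a strict reverse-path check against a routing table, run over the cases the message raises. The prefixes, interface names and packets are constructed, and the multihomed case assumes the host sends traffic sourced from its second NIC's address out through a single default gateway on the first NIC.

```python
import ipaddress

# Constructed routing table for a campus router: prefix -> interface the route uses.
FIB = {
    "10.1.0.0/24": "Vlan10",
    "10.2.0.0/24": "Vlan20",
    "0.0.0.0/0": "Uplink",
}

def best_route_interface(addr, fib=FIB):
    """Longest-prefix match; returns the interface of the best route to addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in
               ((ipaddress.ip_network(p), i) for p, i in fib.items())
               if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def strict_urpf(src, in_interface, fib=FIB):
    """Accept only if the best route back to the source points out the arrival interface."""
    return best_route_interface(src, fib) == in_interface

def classify(src, in_interface):
    return "forward" if strict_urpf(src, in_interface) else "drop"

# Constructed packets: (description, source address, arrival interface)
CASES = [
    ("legitimate host on Vlan10", "10.1.0.25", "Vlan10"),
    ("off-subnet spoofed source arriving on Vlan10", "192.0.2.7", "Vlan10"),
    # Same-subnet spoof: the route lookup cannot tell neighbours apart.
    ("Vlan10 host using a neighbour's address", "10.1.0.99", "Vlan10"),
    # Multihomed host: Vlan20 address leaves via the Vlan10 default gateway.
    ("multihomed host, Vlan20 source seen on Vlan10", "10.2.0.40", "Vlan10"),
]

def run_cases():
    return [(desc, classify(src, ifc)) for desc, src, ifc in CASES]

if __name__ == "__main__":
    for desc, verdict in run_cases():
        print(f"{verdict:8} {desc}")
```

The third case is forwarded even though the address is borrowed, and the fourth is dropped even though the host is legitimate, which are the two limitations described above.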