North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Effective ways to deal with DDoS attacks?

  • From: Iljitsch van Beijnum
  • Date: Thu May 02 13:51:04 2002

On Thu, 2 May 2002, Richard A Steenbergen wrote:

> RPF works by matching the source address of the packet against the CEF
> table, in addition to the normal match against the destination address.
> There are multiple modes of operation, ranging from "is there a route
> for the source address to the specific interface it come in on" to "is
> there a route to the source address for ANY interface on the box" The
> former is used to stop your single homed customers from spoofing wildly
> into the internet.

You can do this for multihomed customers to: it's just that multihomed
customers can't use it for traffic coming from their transits (= you),
because uRPF breaks asymmetric routing.