On Thu, Apr 05, 2001 at 06:53:56PM -0700, Bradley Dunn wrote:
> At 03:27 AM 4/6/2001 +0200, Dmitri Kalintsev wrote:
> >I've heard rumors that JunOS has some sort of knobs for handling (d)DoS,
> >such as packet floods with spoofed source, etc (we all know them all too
> >well). Is there such thing, and if there is then what IS it and how exactly
> >it works?
>
> Check out this application note on minimizing the effects of DoS attacks:
> http://www.juniper.net/techcenter/app_note/350001.html
Nothing new or particularly exciting. *sigh* Anything else?
By the way, does Juniper have an analog of ip verify reverse-path unicast?
As well, I vaguely recall somebody in cisco-nsp mentioning cisco's
extensions to rpf unicast verification, something like "ip verify
reverse-path unicast relaxed", when it would drop packets that are not in
FIB at all rather than in FIB for this particular interface packet is
received on. Does Juniper have something like this or have plans to have it
implemented? (I could not find anything about these extensions on cisco web
site, though..)
Thanks,
-- CCNP, CCDP (R&S) Dmitri E. Kalintsev CDPlayer@irc Network Architect @ connect.com.au dek @ connect.com.au phone: +61 39 674 3913 fax: 251 3666 http://-UNAVAIL- UIN:7150410 cell: +61 41 335 1634
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:42 EDT