[j-nsp] (d)DoS handling

From: Rubens Kuhl Jr. (rkuhljr@uol.com.br)
Date: Fri Apr 06 2001 - 17:46:57 EDT


The description reminded me of "TCP Intercept"... (SYN/ACK replying and late
forwarding of SYN+ACK). JunOS doesn't seem to have it, high-end IOS doesn't
either.

To me, such a feature doesn't belong to router-land, but to
multilayer-switch-land. On router-land, unicast-RPF is something that JunOS
is lacking.

Rubens Kuhl Jr.

-----Original Message-----
From: Dmitri Kalintsev [mailto:dek@hades.uz]
Sent: Thursday, April 05, 2001 10:27 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] (d)DoS handling

I've heard rumors that JunOS has some sort of knobs for handling (d)DoS,
such as packet floods with spoofed source, etc (we all know them all too
well). Is there such a thing, and if there is, then what IS it and how exactly
does it work?

(I am well aware that currently nothing radical can be done to prevent
those, besides constant customer and provider education about the usefulness
of source address forging prevention techniques and dropping IP space under
attack from global BGP tables, when it is possible. *yech*).

Thanks,

--
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer@irc               Network Architect @ connect.com.au
 dek @ connect.com.au     phone: +61 39 674 3913 fax: 251 3666
 http://-UNAVAIL-         UIN:7150410    cell: +61 41 335 1634


