[c-nsp] Surviving denial of service from certain IPs
Gustavo Rodrigues Ramos
gustavo at acmesecurity.org
Fri Jul 25 15:32:31 EDT 2008
Hello Mario, uRPF would be my first choice (between ACL, route-maps or
whatsoever). For example, I used to block denial of service attacks in
the 7500 platform using only uRPF without performance issues (and
routing around 140 Mbps through the box).
Gustavo.
On Fri, Jul 25, 2008 at 9:31 AM, Mario Spinthiras
<spinthiras.mario at gmail.com> wrote:
> Arie hello and thank you for your feedback.
>
>
> What I want to know is how would route-map methods effectively help stop
> such attacks and what the resource usage comparison is when putting ACLs and
> other methods on the scale. uRPF is all very nice but what about something
> along the lines of a 100 Mbps stub network?
More information about the cisco-nsp
mailing list