[j-nsp] blackhole routing - RPF
Wei Keong
chooweikeong at pacific.net.sg
Wed Jul 13 06:58:02 EDT 2005
Hi,
I understand that one of the ways to stop DOS attack is to blackhole route
based on source address, by using RPF (loose) and null route.
I am not very sure about the behaviour of RPF (loose) in juniper routers,
especially if the router has a default route.
http://www.juniper.net/techpubs/software/junos/junos61/swconfig61-interfaces/html/interfaces-family-config21.html#1066802
Has anyone tried to do this before? Does it work as expected?
Thanks,
Wei Keong
More information about the juniper-nsp
mailing list