[j-nsp] blackhole routing - RPF
Sabri Berisha
sabri at cluecentral.net
Wed Jul 13 07:00:23 EDT 2005
On Wed, Jul 13, 2005 at 06:58:02PM +0800, Wei Keong wrote:
Hello,
> I understand that one of the ways to stop DOS attack is to blackhole route
> based on source address, by using RPF (loose) and null route.
>
> I am not very sure about the behaviour of RPF (loose) in juniper routers,
> especially if the router has a default route.
If the router has a default route and you use loose RPF-checking, there
will always be a path through -some- interface so the RPF-checking is
useless.
--
Sabri Berisha,
Juniper Certified - JNCIA #747 | Cisco Certified - CCNA
email: sabri at cluecentral.net | cell: +31 6 19890416
http://www.cluecentral.net/ | http://www.virt-ix.net/
More information about the juniper-nsp
mailing list