[j-nsp] blackhole routing - RPF

Sabri Berisha sabri at cluecentral.net
Wed Jul 13 07:00:23 EDT 2005


On Wed, Jul 13, 2005 at 06:58:02PM +0800, Wei Keong wrote:

Hello,

> I understand that one of the ways to stop DOS attack is to blackhole route 
> based on source address, by using RPF (loose) and null route.
> 
> I am not very sure about the behaviour of RPF (loose) in juniper routers, 
> especially if the router has a default route.

If the router has a default route and you use loose RPF-checking, there
will always be a path through -some- interface so the RPF-checking is
useless.

-- 
Sabri Berisha,
Juniper Certified - JNCIA #747	| Cisco Certified - CCNA
email: sabri at cluecentral.net	| cell: +31 6 19890416
http://www.cluecentral.net/	| http://www.virt-ix.net/


More information about the juniper-nsp mailing list