[j-nsp] DDoS to core interface - mitigation

Pierre Emeriaud petrus.lt at gmail.com
Fri Mar 9 10:40:17 EST 2018


2018-03-09 15:48 GMT+01:00  <adamv0025 at netconsultings.com>:
>
> But I was actually referring to the very appealing idea you proposed in b) to not to even advertise the range -so the DDoS traffic would not even end up at your doorstep as simply the Internet would not have route for any of your p2p links.

this is really nice and a must-have, but has the side effect (bonus or
not, up to you) to make your network 'invisible' to others if they
have urpf enabled towards you.


More information about the juniper-nsp mailing list