Re: Cool DDoS (Distributed Denial of Service) link

2001-01-02 Thread Priscilla Oppenheimer

At 08:49 AM 1/2/01, Chuck Church wrote:
 From Network Computing:

http://www.nwc.com/1201/1201f1c1.html

Indeed, very nicely-written article. The best thing in it was the link to 
the Cisco site on Unicast Reverse Path Forwarding, which I'd never heard 
of. (I'd heard of Multicast RPF, but not unicast.)

I'm curious, is anyone using Unicast RPF? Does it work well? Any 
performance problems with it?

Here's what it does:

"When Unicast RPF is enabled on an interface, the router examines all 
packets received as input on that interface to make sure that the source 
address and source interface appear in the routing table and match the 
interface on which the packet was received. This 'look backwards' ability 
is available only when Cisco express forwarding (CEF) is enabled on the 
router, because the lookup relies on the presence of the Forwarding 
Information Base (FIB). CEF generates the FIB as part of its operation."

For more info see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm

Priscilla


Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218


_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com




RE: Cool DDoS (Distributed Denial of Service) link

2001-01-02 Thread Chuck Church

It sounds like an anti-spoofing mechanism, much like not allowing packets
from the internet into your network with a source address of your network.
This goes a little beyond that by verifying that the source is reachable
from the interface it was received on.  I've always done this with an access
list, which is easy with only 1 connection to the 'Net.  Doing it with CEF
rather than process switching has got to offer some big performance
benefits.  Now, if I could only remember which platforms support CEF... 

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218
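To make the two mechanisms in this thread concrete, here is an added example (not code from the thread, from Cisco, or from either poster) that models Priscilla's quoted "look backwards" check and Chuck's ACL-style anti-spoofing filter side by side. The FIB entries, interface names and packets are constructed for illustration; the strict/loose distinction and the treatment of the default route are modelled on the uRPF modes and the allow-default option, simplified to a plain longest-prefix lookup.

```python
import ipaddress

# Constructed sample FIB: (prefix, interface the prefix is reached through).
# Interface names and addresses are invented for this example.
FIB = [
    ("10.1.0.0/16",  "Ethernet0"),  # site LAN
    ("10.1.5.0/24",  "Ethernet1"),  # one subnet behind a second LAN interface
    ("192.0.2.0/24", "Serial0"),    # customer site behind a WAN link
    ("0.0.0.0/0",    "Serial1"),    # default route toward the Internet
]

INTERNAL_PREFIXES = ["10.1.0.0/16", "192.0.2.0/24"]  # constructed "our network" space
INTERNET_IFACE = "Serial1"


def longest_prefix_match(fib, address):
    """Return (network, interface) for the most specific FIB entry covering address, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_check(fib, src, ingress, mode="strict", allow_default=False):
    """Model of the uRPF 'look backwards' check.

    strict: the FIB's best route back to the source must point out the ingress interface.
    loose:  any route to the source is enough (only unrouted sources are dropped).
    The default route counts as a valid reverse path only when allow_default is True
    (modelled on the allow-default option); everything else is a simplification.
    """
    match = longest_prefix_match(fib, src)
    if match is None:
        return False
    net, iface = match
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "loose":
        return True
    return iface == ingress


def acl_antispoof(internal_prefixes, internet_iface, src, ingress):
    """The access-list approach: on the Internet-facing interface, drop packets whose
    source claims to be inside our own address space. Other interfaces are unfiltered."""
    if ingress != internet_iface:
        return True
    addr = ipaddress.ip_address(src)
    return not any(addr in ipaddress.ip_network(p) for p in internal_prefixes)


def classify(src, ingress):
    """Run all three filters over one constructed packet; True means 'permit'.
    Policy choice: the default route is only an acceptable reverse path on the
    Internet-facing interface, since that is the only route back to the Internet."""
    allow_default = ingress == INTERNET_IFACE
    return {
        "acl": acl_antispoof(INTERNAL_PREFIXES, INTERNET_IFACE, src, ingress),
        "urpf_loose": urpf_check(FIB, src, ingress, "loose", allow_default),
        "urpf_strict": urpf_check(FIB, src, ingress, "strict", allow_default),
    }


if __name__ == "__main__":
    # Constructed packets: (description, source address, ingress interface)
    packets = [
        ("legit host on its own subnet",           "10.1.5.7",     "Ethernet1"),
        ("Internet packet spoofing an inside IP",  "10.1.5.7",     "Serial1"),
        ("LAN host spoofing another LAN subnet",   "10.1.77.7",    "Ethernet1"),
        ("ordinary Internet traffic",              "203.0.113.9",  "Serial1"),
        ("unrouted source arriving from customer", "198.51.100.5", "Serial0"),
    ]
    for desc, src, ingress in packets:
        print(f"{desc:40s} {src:14s} {ingress:10s} {classify(src, ingress)}")
```

Running it shows the difference the thread is circling around: the ACL catches only the Internet-side packet that spoofs an inside address, while strict uRPF also drops the LAN host spoofing a neighbouring subnet, with no per-prefix list to maintain. Strict mode assumes symmetric routing, so it belongs on single-homed edge and customer-facing interfaces; where return paths can differ (multihomed links), loose mode avoids dropping legitimate traffic at the cost of missing the second and third cases above.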



-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 02, 2001 3:58 PM
To: Chuck Church; '[EMAIL PROTECTED]'
Subject: Re: Cool DDoS (Distributed Denial of Service) link

