North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Network Operators and smurf
>Current recipe for anti-forging with Cisco hardware: > o Pick up CEF code (11.1(17)CC, which doesn't yet (?) exist for all > Cisco platforms, unfortunately) > o Configure: > ! > ip cef switch > ! or "ip cef distributed switch" for an RSP+VIP2 based box > ! > interface whatever > ip verify unicast reverse-path > ! I don't know what exact configs are vulnerable, but don't try this on a 7206 if you have a PA-8T with frame relay on it. I had CEF only on PA-2T3 ports and F0/0 on the controller card and yet all frame relay connections on multiple T1s on the PA-8T were trashed. cscdj87169 is not resolved yet.
|