North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN spoofing and Ciscos crashing
On Wed, 28 Jul 1999, bryan s. blank wrote: > > % ip verify unicast reverse-path > % > % and according to Paul Ferguson (co-author of RFC 2267) it's in use by > % many ISPs. Apparently this is very-low overhead. Paul has also indicated > % the use of extended access lists on Cisco routers is very low overhead, > % especially on routers using distributed express forwarding. > > while i hate to question mr. ferguson, it's my understanding > that many isps have found this feature to be unusable due to > network design. I just took out a 7206 by applying ip verify unicast reverse-path to a T3 link on a PA2T3 and attempting to spoof packets from the POP on the other end of that T3. The 7206 is running c7200-inu-mz.111-25.CC. Fortunately, it rebooted after it crashed. System restarted by bus error at PC 0x605F88CC, address 0x10024 at 20:29:49 UTC Wed Jul 28 1999 This router had been up over 8 weeks without a crash (ever since Cisco replaced the previous 7206 in this POP that was either posessed or a lemon). The memory is Cisco memory. All the parts came directly from Cisco. Is this known to be unstable in 111-25.CC? Is it known to be stable in some other release that supports the PAT3, PA2T3, and PA-MCT3? ----don't waste your cpu, crack rc5...www.distributed.net team enzo--- Jon Lewis *[email protected]*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
|