North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN spoofing and Ciscos crashing
[email protected] wrote: > > On Wed, 28 Jul 1999, bryan s. blank wrote: > > > > > % ip verify unicast reverse-path > > % > > % and according to Paul Ferguson (co-author of RFC 2267) it's in use by > > % many ISPs. Apparently this is very-low overhead. Paul has also indicated > > % the use of extended access lists on Cisco routers is very low overhead, > > % especially on routers using distributed express forwarding. > > > > while i hate to question mr. ferguson, it's my understanding > > that many isps have found this feature to be unusable due to > > network design. > > I just took out a 7206 by applying ip verify unicast reverse-path to a T3 > link on a PA2T3 and attempting to spoof packets from the POP on the other > end of that T3. > > The 7206 is running c7200-inu-mz.111-25.CC. Fortunately, it rebooted > after it crashed. > > System restarted by bus error at PC 0x605F88CC, address 0x10024 at > 20:29:49 UTC Wed Jul 28 1999 > > This router had been up over 8 weeks without a crash (ever since Cisco > replaced the previous 7206 in this POP that was either posessed or a > lemon). The memory is Cisco memory. All the parts came directly from > Cisco. > > Is this known to be unstable in 111-25.CC? Is it known to be stable in > some other release that supports the PAT3, PA2T3, and PA-MCT3? In a note off-list, Jack Crowder said: "Actually there was a bug in 11.1.26CC. Supposedly, 11.1.27CC has the fix incorporated." I suspect the version of IOS (.25) you're trying to use has whatever bug is referenced as being in .26. -- ----------------------------------------------------------------- Daniel Senie [email protected] Amaranth Networks Inc. http://www.amaranthnetworks.com
|