North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network Probes

  • From: Paul Ferguson
  • Date: Thu Mar 09 18:20:53 2000

At 05:53 PM 03/09/2000 -0500, Scott McGrath wrote:

>I cannot find anything in the literature about this attack method, As a
>WILD guess
>it is a mutation of one of the DDOS tools with new ports. but this
>underscores the importance of martian filters on border routers and also
>filtering outbounds
>so that spoofed addresses cannot leave your border routers.  Cisco also has
>obscure command to verify the path but it drops the router into process
>switch mode
>as I recall,  If I am wrong please correct

You're wrong.  :-)

I think you're talking about "ip verify unicast reverse-path",
or what we also call Unicast RPF, which requires CEF switching
(which is definately _not_ process level switching).

- paul