|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Network Probes
Thank you sir may I have another.... :-) I had a vague recollection of that command from a 7000 session at Networkers but I was not really sure what was required as we have mostly 2/3/4XXX series routers around here with 7XXX and AGS+!!! (still going...) at the core Thanks - Scott Paul Ferguson wrote: > At 05:53 PM 03/09/2000 -0500, Scott McGrath wrote: > > >I cannot find anything in the literature about this attack method, As a > >WILD guess > >it is a mutation of one of the DDOS tools with new ports. but this > >underscores the importance of martian filters on border routers and also > >filtering outbounds > >so that spoofed addresses cannot leave your border routers. Cisco also has > >an > >obscure command to verify the path but it drops the router into process > >switch mode > >as I recall, If I am wrong please correct > > You're wrong. :-) > > I think you're talking about "ip verify unicast reverse-path", > or what we also call Unicast RPF, which requires CEF switching > (which is definately _not_ process level switching). > > - paul
|