[24646] in North American Network Operators' Group
Re: SYN spoofing
daemon@ATHENA.MIT.EDU (bryan s. blank)
Wed Jul 28 11:55:16 1999
From: "bryan s. blank" <bryan@supernet.net>
To: dts@senie.com (Daniel Senie)
Date: Wed, 28 Jul 1999 11:54:03 -0400 (EDT)
Cc: jshaw@insync.net, nanog@merit.edu
In-Reply-To: <379F1FFF.7229F1DE@senie.com> from "Daniel Senie" at Jul 28, 99 11:21:35 am
Errors-To: owner-nanog-outgoing@merit.edu
% ip verify unicast reverse-path
%
% and according to Paul Ferguson (co-author of RFC 2267) it's in use by
% many ISPs. Apparently this is very-low overhead. Paul has also indicated
% the use of extended access lists on Cisco routers is very low overhead,
% especially on routers using distributed express forwarding.
while i hate to question mr. ferguson, it's my understanding
that many isps have found this feature to be unusable due to
network design.
-----------------------------------------------------------------------------
bryan s. blank bryan@supernet.net
(443)394-9529 tele
(410)995-2191 page
(410)802-6998 emer
