[24667] in North American Network Operators' Group
Re: SYN spoofing
daemon@ATHENA.MIT.EDU (Forrest W. Christian)
Wed Jul 28 21:40:38 1999
Date: Wed, 28 Jul 1999 19:36:50 -0600 (MDT)
From: "Forrest W. Christian" <forrestc@iMach.com>
To: Daniel Senie <dts@senie.com>
Cc: Joe Shaw <jshaw@insync.net>, nanog@merit.edu
In-Reply-To: <379F1FFF.7229F1DE@senie.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 28 Jul 1999, Daniel Senie wrote:
> Cisco implemened a feature called "Unicast RPF" That disallows
> forwarding of packets on an interface where a reverse path is not
> present. The command to activate it is:
>
> ip verify unicast reverse-path
This only works if you have CEF turned on. And... Turning CEF on in a
4500 series router w/64mb ram & 2 BGP views just plain isn't good.
Now, if we could get CEF to only cache non BGP routes....
- Forrest W. Christian (forrestc@imach.com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems. (406)-442-6648
----------------------------------------------------------------------
