[27718] in North American Network Operators' Group
Re: Network Probes
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Thu Mar 9 18:19:51 2000
Message-Id: <4.2.2.20000309180728.00a26ce0@lint.cisco.com>
Date: Thu, 09 Mar 2000 18:10:48 -0500
To: "Scott McGrath" <s_mcgrath@bexair.com>
From: Paul Ferguson <ferguson@cisco.com>
Cc: "Matthew R. Potter" <mpotter@atpco.com>, nanog@merit.edu
In-Reply-To: <38C82B5B.707E5B3C@bexair.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu
At 05:53 PM 03/09/2000 -0500, Scott McGrath wrote:
>I cannot find anything in the literature about this attack method. As a
>WILD guess, it is a mutation of one of the DDOS tools with new ports, but
>this underscores the importance of martian filters on border routers and
>also filtering outbounds so that spoofed addresses cannot leave your
>border routers. Cisco also has an obscure command to verify the path but
>it drops the router into process switch mode as I recall. If I am wrong
>please correct
You're wrong. :-)
I think you're talking about "ip verify unicast reverse-path",
or what we also call Unicast RPF, which requires CEF switching
(which is definitely _not_ process level switching).
- paul
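
Added illustration, not part of the original message and not Cisco's implementation: a small Python model of the strict-mode Unicast RPF decision, showing why the check is a forwarding-table (FIB) lookup on the source address. The FIB contents, interface names and packets are constructed for the example and use documentation prefixes.

```python
import ipaddress

# Constructed FIB for the example: prefix -> interface the best route points out of.
# Interface names are hypothetical; prefixes are documentation ranges.
FIB = {
    "198.51.100.0/24": "Serial0",    # customer A aggregate
    "198.51.100.128/25": "Serial1",  # more-specific route to customer B
    "203.0.113.0/24": "Serial2",     # customer C
}


def fib_lookup(fib, addr):
    """Longest-prefix match on addr; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def urpf_strict(fib, src, in_if):
    """Strict uRPF: pass only if the best route back to src uses the arrival interface."""
    return fib_lookup(fib, src) == in_if


def classify(fib, packets):
    """Return (src, in_if, verdict) for each (src, in_if) pair."""
    return [(s, i, "forward" if urpf_strict(fib, s, i) else "drop") for s, i in packets]


# Constructed sample packets: (source address, interface the packet arrived on).
PACKETS = [
    ("198.51.100.10", "Serial0"),   # customer A using its own space
    ("198.51.100.200", "Serial0"),  # best path is the /25 via Serial1, so strict mode drops it
    ("203.0.113.5", "Serial0"),     # source belongs behind Serial2: spoofed from Serial0
    ("192.0.2.77", "Serial0"),      # no route back to the source at all
    ("203.0.113.5", "Serial2"),     # customer C using its own space
]

if __name__ == "__main__":
    for src, in_if, verdict in classify(FIB, PACKETS):
        print(f"{src:>16} in {in_if:<8} -> {verdict}")
```

The second sample packet shows the operational caveat of strict mode: a legitimate source that arrives on an interface other than its best return path (asymmetric routing) is dropped as well.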