[27735] in North American Network Operators' Group
Re: Network Probes
daemon@ATHENA.MIT.EDU (Scott McGrath)
Fri Mar 10 11:25:03 2000
Message-ID: <38C9204B.24ED5E2B@bexair.com>
Date: Fri, 10 Mar 2000 11:18:19 -0500
From: "Scott McGrath" <s_mcgrath@bexair.com>
To: Paul Ferguson <ferguson@cisco.com>, nanog@merit.edu
Thank you sir may I have another.... :-)
I had a vague recollection of that command from a 7000 session at Networkers,
but I was not really sure what was required, as we have mostly 2/3/4XXX series
routers around here with 7XXX and AGS+!!! (still going...) at the core.
Thanks - Scott
Paul Ferguson wrote:
> At 05:53 PM 03/09/2000 -0500, Scott McGrath wrote:
>
> >I cannot find anything in the literature about this attack method. As a
> >WILD guess, it is a mutation of one of the DDOS tools with new ports, but
> >this underscores the importance of martian filters on border routers and
> >also filtering outbounds so that spoofed addresses cannot leave your border
> >routers. Cisco also has an obscure command to verify the path, but it drops
> >the router into process switch mode as I recall. If I am wrong please correct
>
> You're wrong. :-)
>
> I think you're talking about "ip verify unicast reverse-path",
> or what we also call Unicast RPF, which requires CEF switching
> (which is definitely _not_ process level switching).
>
> - paul
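
Added example, not part of either message and not Cisco code: a Python model of the per-packet decision a border router makes when it combines a martian filter with a strict Unicast RPF check, where the packet's source address is looked up in the forwarding table (the FIB that CEF maintains) and must route back out the interface the packet arrived on. The prefixes, interface names, martian list and function names are all constructed for illustration.

```python
import ipaddress

# Constructed martian list (assumption): source ranges that should never
# appear on packets crossing a border router.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed forwarding table (assumption): prefix -> outgoing interface.
FIB = {
    ipaddress.ip_network("0.0.0.0/0"): "Serial0",          # default, to upstream
    ipaddress.ip_network("198.51.100.0/24"): "Ethernet0",  # internal LAN A
    ipaddress.ip_network("203.0.113.0/24"): "Ethernet1",   # internal LAN B
}

def fib_lookup(addr):
    """Longest-prefix match: return the interface used to reach addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in FIB if ip in net]
    if not matches:
        return None
    return FIB[max(matches, key=lambda net: net.prefixlen)]

def is_martian(addr):
    """True if addr falls inside any range on the martian list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MARTIANS)

def urpf_strict(src, in_if):
    """Strict uRPF: the best route back to src must leave via the arrival interface."""
    return fib_lookup(src) == in_if

def border_check(src, in_if):
    """Apply the martian filter first, then the reverse-path check."""
    if is_martian(src):
        return "drop: martian source"
    if not urpf_strict(src, in_if):
        return "drop: uRPF failed"
    return "forward"

if __name__ == "__main__":
    # Constructed sample packets: (source address, arrival interface).
    for src, in_if in [("198.51.100.7", "Ethernet0"), ("203.0.113.9", "Ethernet0"),
                       ("198.51.100.7", "Serial0"), ("10.1.2.3", "Serial0"),
                       ("192.0.2.55", "Serial0")]:
        print(f"{src:15} in {in_if:10} -> {border_check(src, in_if)}")
```

The second and third sample packets are the spoofing cases: a source that belongs to a different interface than the one it arrived on. The same strict comparison also drops legitimate packets when routing is asymmetric, so it fits edges where each source prefix has a single path.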