[54864] in North American Network Operators' Group
Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (John Kristoff)
Sun Jan 19 08:36:11 2003
Date: Sun, 19 Jan 2003 07:35:40 -0600
From: John Kristoff <jtk@aharp.is-net.depaul.edu>
To: nanog@merit.edu
In-Reply-To: <20030118224511.B191482@hiwaay.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, Jan 18, 2003 at 10:45:11PM -0600, Chris Adams wrote:
> How is this different than "ip verify unicast reverse-path" (modulo CEF
> problems and bugs, which of course NEVER happen :-) )?
It would be useful for all sorts of things besides verifying a source
address. So in addition to complicated configurations such as multi-
homing/paths that you mention, it could also be useful for standard
filters on protocols, ports, logging and so on.
John
