Re: [nsp] ip verify unicast reverse-path

From: Gert Doering (gert@greenie.muc.de)
Date: Wed Jun 06 2001 - 16:28:41 EDT


Hi,

On Wed, Jun 06, 2001 at 12:08:46PM -0700, Danny Sutantyo wrote:
> Has anybody used command called "ip verify unicast reverse-path" for
> anti-spoofing in Cisco IOS Router features?

Yes!

> How do you implement this? and what's the side effect?

I use this on all our single-homed customer lines (static routes pointing
to them), and it's great. Best thing since "clear ip b soft in" :)

It has no adverse side effects, and it stops your customers from spoofing
foreign IP addresses without the need for you to maintain access lists.

It should be mandatory for all ISPs out there - will stop most DoS attacks
with forged source IPs cold in the water.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert.doering@physik.tu-muenchen.de
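
The check described in the message above, sketched as an added example (not part of the original post, and not Cisco's implementation): for each packet arriving on a customer line, look up the route back to its source address and forward it only if that route points out the same interface. The interface names, prefixes and packets are constructed, and the model assumes single-homed customers reached by static routes, as in the message.

```python
import ipaddress

# Constructed routing table (hypothetical names): static routes pointing at
# single-homed customer lines, plus a default route to the upstream.
ROUTES = [
    ("192.0.2.0/24", "Serial0"),        # customer A
    ("198.51.100.0/25", "Serial1"),     # customer B
    ("198.51.100.128/25", "Serial2"),   # customer C
    ("0.0.0.0/0", "Uplink0"),           # everything else
]

# Constructed packets: (arrival interface, source address, note)
PACKETS = [
    ("Serial0", "192.0.2.10", "customer A, own address"),
    ("Serial0", "203.0.113.5", "customer A, forged foreign address"),
    ("Serial1", "198.51.100.5", "customer B, own address"),
    ("Serial1", "198.51.100.200", "customer B, forged as customer C"),
]

def build_fib(routes):
    """Parse prefixes and order them longest-first for longest-prefix match."""
    fib = [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in routes]
    return sorted(fib, key=lambda entry: entry[0].prefixlen, reverse=True)

def reverse_path_interface(fib, src):
    """Interface the router would use to send traffic back to src."""
    addr = ipaddress.ip_address(src)
    for net, ifname in fib:
        if addr in net:
            return ifname
    return None  # no route to the source at all

def strict_rpf_accepts(fib, in_if, src):
    """Strict check: the route back to src must leave via the arrival interface."""
    return reverse_path_interface(fib, src) == in_if

def classify(fib, packets):
    """Return (interface, source, verdict) for each packet."""
    return [(in_if, src, "forward" if strict_rpf_accepts(fib, in_if, src) else "drop")
            for in_if, src, _note in packets]

if __name__ == "__main__":
    fib = build_fib(ROUTES)
    for (in_if, src, verdict), (_, _, note) in zip(classify(fib, PACKETS), PACKETS):
        print(f"{in_if:8} {src:16} {verdict:8} {note}")
```

The filter follows the routing table: adding a static route for a new customer prefix also admits that prefix as a source on that line, with no separate access list to keep in step.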


