Re: [nsp] ip verify unicast reverse-path

From: Danny Sutantyo (dsutanty@dsutanty-wkst.sc.intel.com)
Date: Thu Jun 07 2001 - 00:32:54 EDT


So if I have fully meshed networks, 2 GSR from 2 diff ISPs, should I put
this command inbound or outbound?

DS

On Wed, 6 Jun 2001, Gert Doering wrote:

> Hi,
>
> On Wed, Jun 06, 2001 at 12:08:46PM -0700, Danny Sutantyo wrote:
> > Has anybody used command called "ip verify unicast reverse-path" for
> > anti-spoofing in Cisco IOS Router features?
>
> Yes!
>
> > How do you implement this? and what's the side effect?
>
> I use this on all our single-homed customer lines (static routes pointing
> to them), and it's great. Best thing since "clear ip b soft in" :)
>
> It has no adverse side effects, and it stops your customers from spoofing
> foreign IP addresses without the need for you to maintain access lists.
>
> It should be mandatory for all ISPs out there - will stop most DoS attacks
> with forged source IPs cold in the water.
>
> gert
>
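
An added illustration, not part of the original thread and not Cisco's implementation: a simplified Python model of the strict reverse-path check that "ip verify unicast reverse-path" performs, covering the single-homed customer case from the reply and, going beyond it, a multihomed case where the best return route points at a different interface. The interface names, prefixes and packets are constructed sample values.

```python
import ipaddress

# Constructed routing table: (prefix, interface the best route points to).
# Prefixes are documentation ranges; interface names are assumptions.
FIB = [
    ("192.0.2.0/24", "Serial0"),     # static route to single-homed customer A
    ("198.51.100.0/24", "Serial1"),  # customer B: best path is via Serial1,
                                     # although B is also attached on Serial2
]

def best_route(fib, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in fib
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def strict_rpf_accept(fib, src, ingress_if):
    """Accept only if the best route back to the source address leaves
    through the interface the packet arrived on."""
    route = best_route(fib, src)
    return route is not None and route[1] == ingress_if

def filter_packets(fib, packets):
    """Return (src, ingress_if, verdict) for each (src, ingress_if) pair."""
    return [(src, ifc, "forward" if strict_rpf_accept(fib, src, ifc) else "drop")
            for src, ifc in packets]

# Constructed packets: (source address, interface it arrived on).
PACKETS = [
    ("192.0.2.10", "Serial0"),    # customer A using its own address
    ("198.51.100.7", "Serial0"),  # customer A forging customer B's address
    ("203.0.113.5", "Serial0"),   # customer A forging an unrouted address
    ("198.51.100.7", "Serial1"),  # customer B on its best-path link
    ("198.51.100.7", "Serial2"),  # customer B on its second link: the source
                                  # is genuine, but the return route is Serial1
]

if __name__ == "__main__":
    for src, ifc, verdict in filter_packets(FIB, PACKETS):
        print(f"{src:15} in {ifc:8} -> {verdict}")
```

The last packet shows why the interface matters: the check compares the arrival interface with the best return route, so traffic that legitimately arrives on a non-best path is dropped along with forged traffic.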


