Re: [nsp] 12.0(14)S/new uRPF code

From: Jared Mauch (jared@puck.nether.net)
Date: Fri Jan 05 2001 - 17:11:09 EST


        I've had no problems with it doing a
"ip verify unicast source reachable-via any" on any of my
equipment running 14S.. except for GSR Engine2 linecards which
do not support it (yet).

        It's useful to drop spoofed rfc1918 srces that may be part
of a smurf or some other DoS in the core. It removes the martians
from packet tracking.. now spoofed sources that are real ips become the
whole new problem. We need more dialup/dsl anti-spoofing to happen,
but that's not a subject for here.

        - Jared

On Fri, Jan 05, 2001 at 03:47:24PM -0600, Larry Rosenman wrote:
>
> Has anyone tried 12.0(14)S and the new RPF code that was
> mentioned here around 12/19/2000?
>
> Any feedback?
>
> Thanks!
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
> US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  | Manager of IP networks built within my own home



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT