On Sun, Jan 07, 2001 at 06:07:50PM -0600, Basil Kruglov wrote:
> On Fri, Jan 05, 2001 at 05:11:09PM -0500, Jared Mauch wrote:
> > I've had no problems with it doing a
> > "ip verify unicast source reachable-via any" on any of my
> > equipment running 14S.. except for GSR Engine2 linecards which
> > do not support it (yet).
> >
> > It's useful to drop spoofed rfc1918 srces that may be part
> > of a smurf or some other DoS in the core. It removes the martians
> > from packet tracking.. now spoofed sources that are real ips become the
> > whole new problem. We need more dialup/dsl anti-spoofing to happen,
> > but that's not a subject for here.
>
> Could not find any notes at CCO... is this feature going to work in asymmetric
> environment?
>
> Also, is 12.0.14S+ the only version where this feature available at the
> moment?
That i'm aware of.
The 'ip verify source reachable via any' (or similar) is useful
to drop martians.
- Jared
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE | Manager of IP networks built within my own home
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT