Re: [nsp] 12.0(14)S/new uRPF code

From: Jared Mauch (jared@puck.nether.net)
Date: Sun Jan 07 2001 - 20:08:43 EST


On Sun, Jan 07, 2001 at 06:07:50PM -0600, Basil Kruglov wrote:
> On Fri, Jan 05, 2001 at 05:11:09PM -0500, Jared Mauch wrote:
> > I've had no problems with it doing a
> > "ip verify unicast source reachable-via any" on any of my
> > equipment running 14S.. except for GSR Engine2 linecards which
> > do not support it (yet).
> >
> > It's useful to drop spoofed rfc1918 srces that may be part
> > of a smurf or some other DoS in the core. It removes the martians
> > from packet tracking.. now spoofed sources that are real ips become the
> > whole new problem. We need more dialup/dsl anti-spoofing to happen,
> > but that's not a subject for here.
>
> Could not find any notes at CCO... is this feature going to work in asymmetric
> environment?
>
> Also, is 12.0.14S+ the only version where this feature available at the
> moment?

        That i'm aware of.

        The 'ip verify source reachable via any' (or similar) is useful
to drop martians.

        - Jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  | Manager of IP networks built within my own home



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT