[c-nsp] GRE router recommendations
Brett Frankenberger
rbf+cisco-nsp at panix.com
Sat Apr 21 12:31:03 EDT 2007
On Sat, Apr 21, 2007 at 02:32:22PM +0200, Gert Doering wrote:
>
> 7600/Sup720 will do "whatever you need", provided you use a different local
> address for each "tunnel source" (if you have multiple tunnels on the
> same local IP address, the hardware can't do the tunneling, and the CPU
> is much slower).
But it won't verify the source address on GRE packets it receives,
which makes it feasible to forge GRE packets without forging the source
address, which in some configurations makes some attacks easier. That
relevant in some situations and not in others ...
-- Brett
More information about the cisco-nsp
mailing list