[c-nsp] DNS amplification
Peter Rathlev
peter at rathlev.dk
Sun Mar 17 13:44:46 EDT 2013
On Sun, 2013-03-17 at 18:21 +0100, Gert Doering wrote:
[on uRPF]
> Each interface can be on/off individually just fine. What does not work
> is have some interfaces in "strict mode" and other interfaces in "loose
> mode" on the same sup720 (EARL7) box (is this fixed in EARL8, btw?).
The Sup2T lets you configure all sorts of nice things including
ip verify unicast source reachable-via rx l2-src
on one interface and
ip verify unicast source reachable-via any
on another. I haven't tested if it works as intended but can't see why
it shouldn't. (When did Cisco ever disappoint there? ;-))
--
Peter
More information about the cisco-nsp
mailing list