nanog mailing list archives

RE: Network Operators and smurf


From: barton () cent net
Date: Sat, 25 Apr 1998 15:55:40 -0400 (EDT)

Current recipe for anti-forging with Cisco hardware:

o Pick up CEF code (11.1(17)CC, which doesn't yet (?) exist for all
  Cisco platforms, unfortunately)

o Configure:

  !
  ip cef switch
  ! or "ip cef distributed switch" for an RSP+VIP2 based box
  !
  interface whatever
    ip verify unicast reverse-path
  !

I don't know what exact configs are vulnerable, but don't try this
on a 7206 if you have a PA-8T with frame relay on it.

I had CEF only on PA-2T3 ports and F0/0 on the controller card and yet
all frame relay connections on multiple T1s on the PA-8T were trashed.

cscdj87169 is not resolved yet.
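
What "ip verify unicast reverse-path" in the recipe above checks, as an added sketch (not part of the original post and not Cisco's code): the source address of each arriving packet is looked up in the forwarding table, and the packet is dropped unless the best route back to that source points out the interface it arrived on. The prefixes, interface names and packets are constructed, and treating the default route as a valid match is an assumption of this model.

```python
import ipaddress

# Constructed forwarding table (prefix -> outgoing interface); names are made up.
FIB = [
    ("0.0.0.0/0", "Serial1/0"),            # default route toward the upstream
    ("192.0.2.0/24", "FastEthernet0/0"),   # customer LAN
    ("198.51.100.0/24", "Serial2/0"),      # second customer, also reachable elsewhere
]

def best_route(fib, addr):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def rpf_accept(fib, src, in_if):
    """Strict reverse-path check: the route back to src must use in_if.
    Assumption: a default route counts as a match, as modelled here."""
    route = best_route(fib, src)
    return route is not None and route[1] == in_if

# Constructed packets: (description, source address, arrival interface).
PACKETS = [
    ("customer host, own address", "192.0.2.10", "FastEthernet0/0"),
    ("customer host, forged source", "203.0.113.5", "FastEthernet0/0"),
    ("internet host via upstream", "203.0.113.5", "Serial1/0"),
    ("asymmetric return path", "198.51.100.7", "Serial1/0"),
]

def verdicts(fib, packets):
    """Return [(description, 'forward' | 'drop')] for each packet."""
    return [(d, "forward" if rpf_accept(fib, s, i) else "drop")
            for d, s, i in packets]

if __name__ == "__main__":
    for desc, verdict in verdicts(FIB, PACKETS):
        print(f"{verdict:8} {desc}")
```

The last packet is legitimate traffic that is dropped because its return route uses a different interface, so the check fits interfaces where routing is symmetric.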

