Re: Actions to quiet the Smurf amplifiers?

[Phil Howard <phil () whistler intur net>]

It doesn't seem to be working for me.  What version of IOS does this new
feature show up in?  Why hasn't it been mentioned before?  Or is this not
similar enough to be usable to block smurf and other forgery?


Danny McPherson writes...

> Cisoc already has a feature similar to this, "ip verify unicast reverse-path".
>
> -danny
>
> > Danny McPherson writes...
> >
> > > ingress filtering .. that's a novel idea :-)  
> >
> > "smart" ingress filtering, as opposed to hard coded filtering, which
> > is already done a lot.  It would come at some costs, as every packet
> > would have to have 2 routing lookups done for it, one of which must
> > return or compare against all routes, not just the best route.

-- 
 --    *-----------------------------*      Phil Howard KA9WGN       *    --
  --   | Inturnet, Inc.              | Director of Internet Services |   --
   --  | Business Internet Solutions |       eng at intur.net        |  --
    -- *-----------------------------*      philh at intur.net       * --