Security Basics mailing list archives

RE: ip verify unicast rpf vs acls on cisco routers?


From: "Lim Meng Koon" <ccelimmk () nus edu sg>
Date: Tue, 25 Mar 2003 08:58:21 +0800

There are some differences here, depending on the type of router platform you are using.

Some Cisco routers perform RPF checks in software, some in hardware.

Same thing applies to ACLs.

If your router supports ACLs in hardware ASICs, but RPF in software, you will be better off using ACLs, since a spoofed DoS 
could make your router very busy doing RPF checks in software, but will not affect it much if you use ACLs in 
hardware.


regards
mk

-----Original Message-----
From: McKenzie Family [mailto:themac () bigpond net au]
Sent: Sunday, March 23, 2003 3:05 PM
To: security-basics () securityfocus com
Subject: ip verify unicast rpf vs acls on cisco routers?


To drop spoofed packets, can you just implement "ip verify unicast rpf" on
border routers instead of creating a whole bunch of spoofing ACLs? Or
should you put both?

Regards


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
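
For reference, the two mechanisms discussed in this thread as they would be configured on a border router's Internet-facing interface. This is an added example, not part of either message; the interface name, the ACL number and the 198.51.100.0/24 site prefix are assumptions, and the check the thread calls "ip verify unicast rpf" is written with its full interface command.

```ios
! Constructed example. Serial0/0, ACL 110 and 198.51.100.0/24 are assumed
! values standing in for the upstream interface and the site's own prefix.
!
! Unicast RPF relies on the CEF forwarding table, so CEF must be enabled.
ip cef
!
! Anti-spoofing ACL: drop inbound packets whose source address cannot
! legitimately arrive from the Internet side.
! RFC 1918 private ranges:
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any
access-list 110 deny   ip 192.168.0.0 0.0.255.255 any
! Loopback range:
access-list 110 deny   ip 127.0.0.0 0.255.255.255 any
! The site's own prefix appearing as a source on the outside interface:
access-list 110 deny   ip 198.51.100.0 0.0.0.255 any
access-list 110 permit ip any any
!
interface Serial0/0
 description Upstream link (Internet-facing)
 ! Option 1: unicast RPF. The packet is dropped unless the route back to
 ! its source address points out this same interface.
 ip verify unicast reverse-path
 ! Option 2: the static ACL above, applied to inbound traffic.
 ip access-group 110 in
```

`show ip interface Serial0/0` reports the number of uRPF verification drops and `show access-lists 110` shows per-entry match counts, which lets you compare what each mechanism is catching. The strict check shown here assumes return traffic leaves through the same interface, so a multihomed router with asymmetric paths can drop legitimate packets.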

