nanog mailing list archives

Re: SYN spoofing

From: "Forrest W. Christian" <forrestc () iMach com>
Date: Wed, 28 Jul 1999 19:36:50 -0600 (MDT)


On Wed, 28 Jul 1999, Daniel Senie wrote:

Cisco implemened a feature called "Unicast RPF" That disallows
forwarding of packets on an interface where a reverse path is not
present. The command to activate it is:

      ip verify unicast reverse-path


This only works if you have CEF turned on.   And...  Turning CEF on in a
4500 series router w/64mb ram & 2 BGP views just plain isn't good.

Now, if we could get CEF to only cache non BGP routes....

- Forrest W. Christian (forrestc () imach com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
Solutions for your high-tech problems.                  (406)-442-6648
----------------------------------------------------------------------

Current thread:

SYN spoofing bandregg (Jul 26)
- Re: SYN spoofing Dan Hollis (Jul 26)
  - Re: SYN spoofing John Fraizer (Jul 28)
    - Re: SYN spoofing Joe Shaw (Jul 28)
    - Re: SYN spoofing Daniel Senie (Jul 28)
    - Re: SYN spoofing Greg A. Woods (Jul 28)
    - Re: SYN spoofing Vijay Gill (Jul 28)
    - Re: SYN spoofing Wayne Bouchard (Jul 28)
    - Re: SYN spoofing Daniel Senie (Jul 28)
    - Re: SYN spoofing Forrest W. Christian (Jul 28)
    - Re: SYN spoofing Deepak Jain (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing batz (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing Jeremy Porter (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing Jeremy Porter (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing John Fraizer (Jul 30)
- <Possible follow-ups>
- Re: SYN spoofing Deepak Jain (Jul 28)