nanog mailing list archives

Re: Internet SYN Flooding, spoofing attacks


From: Mark Prior <mrp () connect com au>
Date: Sat, 12 Feb 2000 23:18:54 +1030


     We (at least cisco, anyways) already have a knob for this:

       [no] ip verify unicast reverse-path

     We call it Unicast RPF.

And it's well documented... NOT
and available on all routers/interfaces... NOT

If it was documented and available on things like PRIs then it would
be a lot easier to deploy. Also some of the bugs that turn off CEF
need to be addressed (or at least also cause "ip verify unicast
reverse-path" to be turned off too).

Mark.


