North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: Network Operators and smurf
- From: barton
- Date: Sat Apr 25 16:17:52 1998
>Current recipe for anti-forging with Cisco hardware:
> o Pick up CEF code (11.1(17)CC, which doesn't yet (?) exist for all
> Cisco platforms, unfortunately)
> o Configure:
> ip cef switch
> ! or "ip cef distributed switch" for an RSP+VIP2 based box
> interface whatever
> ip verify unicast reverse-path
I don't know what exact configs are vulnerable, but don't try this
on a 7206 if you have a PA-8T with frame relay on it.
I had CEF only on PA-2T3 ports and F0/0 on the controller card and yet
all frame relay connections on multiple T1s on the PA-8T were trashed.
cscdj87169 is not resolved yet.