Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Network Operators and smurf

  • From: barton
  • Date: Sat Apr 25 16:17:52 1998

>Current recipe for anti-forging with Cisco hardware:

> o Pick up CEF code (11.1(17)CC, which doesn't yet (?) exist for all
>   Cisco platforms, unfortunately)

> o Configure:

>   !
>   ip cef switch
>   ! or "ip cef distributed switch" for an RSP+VIP2 based box
>   !
>   interface whatever
>     ip verify unicast reverse-path
>   !

I don't know what exact configs are vulnerable, but don't try this
on a 7206 if you have a PA-8T with frame relay on it.

I had CEF only on PA-2T3 ports and F0/0 on the controller card and yet
all frame relay connections on multiple T1s on the PA-8T were trashed.

cscdj87169 is not resolved yet.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.