Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network Probes

  • From: Scott McGrath
  • Date: Fri Mar 10 11:27:07 2000

Thank you sir may I have another.... :-)

I had a vague recollection of that command from a 7000 session at Networkers
but I was not really sure what was required as we have mostly 2/3/4XXX series
routers around here with 7XXX and AGS+!!! (still going...) at the core

Thanks - Scott

Paul Ferguson wrote:

> At 05:53 PM 03/09/2000 -0500, Scott McGrath wrote:
>
> >I cannot find anything in the literature about this attack method, As a
> >WILD guess
> >it is a mutation of one of the DDOS tools with new ports. but this
> >underscores the importance of martian filters on border routers and also
> >filtering outbounds
> >so that spoofed addresses cannot leave your border routers.  Cisco also has
> >an
> >obscure command to verify the path but it drops the router into process
> >switch mode
> >as I recall,  If I am wrong please correct
>
> You're wrong.  :-)
>
> I think you're talking about "ip verify unicast reverse-path",
> or what we also call Unicast RPF, which requires CEF switching
> (which is definately _not_ process level switching).
>
> - paul






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.