|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN spoofing
% ip verify unicast reverse-path
%
% and according to Paul Ferguson (co-author of RFC 2267) it's in use by
% many ISPs. Apparently this is very-low overhead. Paul has also indicated
% the use of extended access lists on Cisco routers is very low overhead,
% especially on routers using distributed express forwarding.
while i hate to question mr. ferguson, it's my understanding
that many isps have found this feature to be unusable due to
network design.
-----------------------------------------------------------------------------
bryan s. blank bryan@supernet.net
(443)394-9529 tele
(410)995-2191 page
(410)802-6998 emer
|