North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Internet SYN Flooding, spoofing attacks
We (at least cisco, anyways) already have a knob for this: [no] ip verify unicast reverse-path We call it Unicast RPF. And its well documented... NOT and available on all routers/interfaces... NOT If it was documented and available on things like PRIs then it would be a lot easier to deploy. Also some of the bugs that turn off CEF need to be addressed (or at least also cause "ip verify unicast reverse-path" to be turned off too). Mark.