|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Internet SYN Flooding, spoofing attacks
We (at least cisco, anyways) already have a knob for this:
[no] ip verify unicast reverse-path
We call it Unicast RPF.
And its well documented... NOT
and available on all routers/interfaces... NOT
If it was documented and available on things like PRIs then it would
be a lot easier to deploy. Also some of the bugs that turn off CEF
need to be addressed (or at least also cause "ip verify unicast
reverse-path" to be turned off too).
Mark.
|