Wow, I wonder what Cisco would do with my wish list:

ip verify unicast reverse-exists

i.e. only accept the packet on this interface if there is a route back to the source, *not necessarily on the same interface*. This should be safe to use on all interfaces and could use the existing CEF FIB, and might catch a lot of spoofed packets on a good day.

ip verify unicast destination-advertised

This would check the destination address on any packet coming into an interface, and drop it if a route to that destination WASN'T advertised out of that interface - /ideal/ for NAPs & IX's. Couldn't use the existing CEF tables; Cisco would need to write an advertised-table for each interface. Again this should be safe to use on almost any interface.

Regards
James

On Mon, 25 Sep 2000, Tony Tauber wrote:
I was the one who asked for something like it and a friendly developer coded it up nice and quickly.
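
The two checks proposed in James's message, modelled as an added example that is not part of the original thread and is not Cisco code. The interface names, prefixes and the `allow_default` switch are assumptions of this sketch; the tables are constructed sample data.

```python
import ipaddress

def nets(*prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def lpm(table, addr):
    """Longest-prefix match of addr against an iterable of networks."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in table if ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

# Constructed sample tables (documentation prefixes, hypothetical interface names).
FIB = {n: ifc for n, ifc in zip(
    nets("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"),
    ("cust0", "peer0", "transit0"))}
ADVERTISED = {                      # prefixes announced out of each interface
    "peer0": nets("192.0.2.0/24"),  # the peer only hears the customer route
    "cust0": nets("0.0.0.0/0"),     # the customer is sent a default
}

def reverse_exists(fib, src, allow_default=False):
    """True if the FIB has a route back to src via any interface.
    A match on 0.0.0.0/0 alone is rejected unless allow_default is set
    (a choice made in this example): a default route matches every source."""
    hit = lpm(fib, src)
    if hit is None:
        return False
    return allow_default or hit.prefixlen > 0

def destination_advertised(advertised, in_ifc, dst):
    """True if a route covering dst was advertised out of in_ifc."""
    return lpm(advertised.get(in_ifc, []), dst) is not None

def check(in_ifc, src, dst, fib=FIB, advertised=ADVERTISED):
    if not reverse_exists(fib, src):
        return "drop: no route to source"
    if not destination_advertised(advertised, in_ifc, dst):
        return "drop: destination not advertised"
    return "accept"

if __name__ == "__main__":
    for pkt in [("peer0", "203.0.113.9", "192.0.2.10"),    # asymmetric return path
                ("peer0", "10.1.1.1", "192.0.2.10"),       # unroutable source
                ("peer0", "198.51.100.7", "203.0.113.5")]:  # dest not announced to peer
        print(pkt, "->", check(*pkt))
```

On a router that carries a default route, the reverse-exists check passes every source unless the default is excluded from the lookup, which is what `allow_default=False` models here.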