Most of us can't "ip verify unicast reverse-path" our upstreams. - Jared On Fri, Oct 01, 1999 at 12:42:40PM -0300, Rubens Kuhl Jr. wrote:
deny ip host 0.0.0.0 any log deny ip 127.0.0.0 0.255.255.255 any log deny ip 10.0.0.0 0.255.255.255 any log deny ip 172.16.0.0 0.15.255.255 any log deny ip 192.168.0.0 0.0.255.255 any log deny ip xxx.xxx.xxx.0 0.0.0.255 any log deny ip 224.0.0.0 31.255.255.255 any log
Routing those networks to nul0 and turning 'ip verify unicast reverse-path' on CEF-enabled Cisco routers does this without CPU load or does not ?
Rubens Kuhl Jr.
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE |