Thank you sir may I have another.... :-) I had a vague recollection of that command from a 7000 session at Networkers but I was not really sure what was required as we have mostly 2/3/4XXX series routers around here with 7XXX and AGS+!!! (still going...) at the core Thanks - Scott Paul Ferguson wrote:
At 05:53 PM 03/09/2000 -0500, Scott McGrath wrote:
I cannot find anything in the literature about this attack method, As a WILD guess it is a mutation of one of the DDOS tools with new ports. but this underscores the importance of martian filters on border routers and also filtering outbounds so that spoofed addresses cannot leave your border routers. Cisco also has an obscure command to verify the path but it drops the router into process switch mode as I recall, If I am wrong please correct
You're wrong. :-)
I think you're talking about "ip verify unicast reverse-path", or what we also call Unicast RPF, which requires CEF switching (which is definately _not_ process level switching).
- paul