SYN spoofing

bryan s. blank bryan at supernet.net
Wed Jul 28 15:54:03 UTC 1999


% 	ip verify unicast reverse-path
% 
% and according to Paul Ferguson (co-author of RFC 2267) it's in use by
% many ISPs. Apparently this is very-low overhead. Paul has also indicated
% the use of extended access lists on Cisco routers is very low overhead,
% especially on routers using distributed express forwarding.

	while i hate to question mr. ferguson, it's my understanding
	that many isps have found this feature to be unusable due to
	network design.


----------------------------------------------------------------------------- 
bryan s. blank                                             bryan at supernet.net
                                                           (443)394-9529 tele
                                                           (410)995-2191 page
							   (410)802-6998 emer




More information about the NANOG mailing list