SYN spoofing and Ciscos crashing

Daniel Senie dts at senie.com
Wed Jul 28 20:48:44 UTC 1999


jlewis at lewis.org wrote:
> 
> On Wed, 28 Jul 1999, bryan s. blank wrote:
> 
> >
> > %     ip verify unicast reverse-path
> > %
> > % and according to Paul Ferguson (co-author of RFC 2267) it's in use by
> > % many ISPs. Apparently this is very-low overhead. Paul has also indicated
> > % the use of extended access lists on Cisco routers is very low overhead,
> > % especially on routers using distributed express forwarding.
> >
> >       while i hate to question mr. ferguson, it's my understanding
> >       that many isps have found this feature to be unusable due to
> >       network design.
> 
> I just took out a 7206 by applying ip verify unicast reverse-path to a T3
> link on a PA2T3 and attempting to spoof packets from the POP on the other
> end of that T3.
> 
> The 7206 is running c7200-inu-mz.111-25.CC.  Fortunately, it rebooted
> after it crashed.
> 
> System restarted by bus error at PC 0x605F88CC, address 0x10024 at
> 20:29:49 UTC Wed Jul 28 1999
> 
> This router had been up over 8 weeks without a crash (ever since Cisco
> replaced the previous 7206 in this POP that was either possessed or a
> lemon).  The memory is Cisco memory.  All the parts came directly from
> Cisco.
> 
> Is this known to be unstable in 111-25.CC?  Is it known to be stable in
> some other release that supports the PAT3, PA2T3, and PA-MCT3?

In a note off-list, Jack Crowder said:

"Actually there was a bug in 11.1.26CC.  Supposedly, 11.1.27CC has the
fix incorporated."

I suspect the version of IOS (.25) you're trying to use has whatever bug
is referenced as being in .26.

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts at senie.com
Amaranth Networks Inc.            http://www.amaranthnetworks.com



