SYN spoofing and Ciscos crashing

Daniel Senie dts at
Wed Jul 28 20:48:44 UTC 1999

jlewis at wrote:
> On Wed, 28 Jul 1999, bryan s. blank wrote:
> >
> > %     ip verify unicast reverse-path
> > %
> > % and according to Paul Ferguson (co-author of RFC 2267) it's in use by
> > % many ISPs. Apparently this is very-low overhead. Paul has also indicated
> > % the use of extended access lists on Cisco routers is very low overhead,
> > % especially on routers using distributed express forwarding.
> >
> >       while i hate to question mr. ferguson, it's my understanding
> >       that many isps have found this feature to be unusable due to
> >       network design.
> I just took out a 7206 by applying ip verify unicast reverse-path to a T3
> link on a PA2T3 and attempting to spoof packets from the POP on the other
> end of that T3.
> The 7206 is running c7200-inu-mz.111-25.CC.  Fortunately, it rebooted
> after it crashed.
> System restarted by bus error at PC 0x605F88CC, address 0x10024 at
> 20:29:49 UTC Wed Jul 28 1999
> This router had been up over 8 weeks without a crash (ever since Cisco
> replaced the previous 7206 in this POP that was either possessed or a
> lemon).  The memory is Cisco memory.  All the parts came directly from
> Cisco.
> Is this known to be unstable in 111-25.CC?  Is it known to be stable in
> some other release that supports the PAT3, PA2T3, and PA-MCT3?

In a note off-list, Jack Crowder said:

"Actually there was a bug in 11.1.26CC.  Supposedly, 11.1.27CC has the

I suspect the version of IOS (.25) you're trying to use has whatever bug
is referenced as being in .26.

Daniel Senie                                        dts at
Amaranth Networks Inc.  

More information about the NANOG mailing list