SYN spoofing and Ciscos crashing
Daniel Senie
dts at senie.com
Wed Jul 28 20:48:44 UTC 1999
jlewis at lewis.org wrote:
>
> On Wed, 28 Jul 1999, bryan s. blank wrote:
>
> >
> > % ip verify unicast reverse-path
> > %
> > % and according to Paul Ferguson (co-author of RFC 2267) it's in use by
> > % many ISPs. Apparently this is very-low overhead. Paul has also indicated
> > % the use of extended access lists on Cisco routers is very low overhead,
> > % especially on routers using distributed express forwarding.
> >
> > while i hate to question mr. ferguson, it's my understanding
> > that many isps have found this feature to be unusable due to
> > network design.
>
> I just took out a 7206 by applying ip verify unicast reverse-path to a T3
> link on a PA2T3 and attempting to spoof packets from the POP on the other
> end of that T3.
>
> The 7206 is running c7200-inu-mz.111-25.CC. Fortunately, it rebooted
> after it crashed.
>
> System restarted by bus error at PC 0x605F88CC, address 0x10024 at
> 20:29:49 UTC Wed Jul 28 1999
>
> This router had been up over 8 weeks without a crash (ever since Cisco
> replaced the previous 7206 in this POP that was either posessed or a
> lemon). The memory is Cisco memory. All the parts came directly from
> Cisco.
>
> Is this known to be unstable in 111-25.CC? Is it known to be stable in
> some other release that supports the PAT3, PA2T3, and PA-MCT3?
In a note off-list, Jack Crowder said:
"Actually there was a bug in 11.1.26CC. Supposedly, 11.1.27CC has the
fix
incorporated."
I suspect the version of IOS (.25) you're trying to use has whatever bug
is referenced as being in .26.
--
-----------------------------------------------------------------
Daniel Senie dts at senie.com
Amaranth Networks Inc. http://www.amaranthnetworks.com
More information about the NANOG
mailing list