FW: Re: Is there a line of defense against Distributed Reflective attacks?
John Kristoff
jtk at aharp.is-net.depaul.edu
Sun Jan 19 13:35:40 UTC 2003
On Sat, Jan 18, 2003 at 10:45:11PM -0600, Chris Adams wrote:
> How is this different than "ip verify unicast reverse-path" (modulo CEF
> problems and bugs, which of course NEVER happen :-) )?
It would be useful for all sorts of things besides verifying a source
address. So in addition to complicated configurations such as multi-
homing/paths that you mention, it could also be useful for standard
filters on protocols, ports, logging and so on.
John
More information about the NANOG
mailing list