At 09:43 AM 8/12/2002, you wrote:
>Paul Jacobs wrote:
>
> > If network admins would set up their network right this could
> > not happen!
> > A simple command in your Cisco powered router config can stop
> > forged addresses from getting to your box. That command would
> > be "ip verify unicast reverse-path" (no quotes).
>
>Congratulations.
>
>It can, however, still happen if the packets are not spoofed.

And the chances of that happening are?

>Plus reverse-path verification is a great CPU hog; better to configure
>your router to not accept bogon networks and ensure it only passes IP in
>the right direction. Still, this is a Cobalt list, we ain't here to
>discuss Cisco router IP setups.

I have both reverse-path verification and bogon networks locked up tight on all networks I set up... After all I have to look good, I am a CCNA.

>Everyone note though that the "can be vulnerable to DoS attacks" comment
>still stands if you do have your router configured properly. It's the
>logging, and the blocking, which causes the problems. Like I said, keep
>your services as secure as possible and everyone's happy.
>
>Graeme
>--
>Graeme Fowler
>System Administrator
>Host Europe Group PLC
>
>_______________________________________________
>cobalt-security mailing list
>[EMAIL PROTECTED]
>http://list.cobalt.com/mailman/listinfo/cobalt-security
