In some mail from Hugh LaMaster, sie said: [...] > > > The simplest ingress filtering to stop IP address > > > spoofing on a Cisco is simply to apply the following > > > to stub network interfaces: > > > > > > ip verify unicast reverse-path > > > > > > I assume that this is mostly what people are talking about > > > in this context. > > > > How recent is this in terms of IOS releases ? > > Well, it was/is in 11.1(17)CC and later CC images, which > goes back about 2 or 2-1/2 years or so, and, it has been > in all 12.0(x)S. I'm not sure about all other 12.0 images, > since we have used 11.1(x)CC and 12.0(x)S images since I've been > here - but, the web pages imply that it is in most/all 12.0 images; > the -CC and -S trains are the so-called ISP versions, > which transit ISPs use, and, which many campuses and Tier 2-4 > providers should probably also use on their borders and aggregation > routers. Hmm,from a 1720: gw#show version 21:07:33: %SYS-5-CONFIG_I: Configured from console by console Cisco Internetwork Operating System Software IOS (tm) C1700 Software (C1700-Y-M), Version 12.0(3)T3, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Thu 15-Apr-99 13:58 by kpma Image text-base: 0x80008088, data-base: 0x804FC75C ROM: System Bootstrap, Version 12.0(1)XA1, RELEASE SOFTWARE (fc1) ... gw(config)#ip verify unicast reverse-path ^ % Invalid input detected at '^' marker. Darren
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:35:31 PDT