Re: DDOS Attack Mitigation

From: Darren Reed (avalonat_private)
Date: Tue Feb 15 2000 - 17:50:27 PST


    In some mail from Hugh LaMaster, sie said:
    [...]
    > > > The simplest ingress filtering to stop IP address
    > > > spoofing on a Cisco is simply to apply the following
    > > > to stub network interfaces:
    > > >
    > > >  ip verify unicast reverse-path
    > > >
    > > > I assume that this is mostly what people are talking about
    > > > in this context.
    > >
    > > How recent is this in terms of IOS releases ?
    >
    > Well, it was/is in 11.1(17)CC and later CC images, which
    > goes back about 2 or 2-1/2 years or so, and, it has been
    > in all 12.0(x)S.  I'm not sure about all other 12.0 images,
    > since we have used 11.1(x)CC and 12.0(x)S images since I've been
    > here - but, the web pages imply that it is in most/all 12.0 images;
    > the -CC and -S trains are the so-called ISP versions,
    > which transit ISPs use, and, which many campuses and Tier 2-4
    > providers should probably also use on their borders and aggregation
    > routers.
    
    Hmm, from a 1720:
    
    gw#show version
    21:07:33: %SYS-5-CONFIG_I: Configured from console by console
    Cisco Internetwork Operating System Software
    IOS (tm) C1700 Software (C1700-Y-M), Version 12.0(3)T3,  RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-1999 by cisco Systems, Inc.
    Compiled Thu 15-Apr-99 13:58 by kpma
    Image text-base: 0x80008088, data-base: 0x804FC75C
    
    ROM: System Bootstrap, Version 12.0(1)XA1, RELEASE SOFTWARE (fc1)
    
    ...
    gw(config)#ip verify unicast reverse-path
                       ^
    % Invalid input detected at '^' marker.
    
    Darren
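
A simplified model of the strict reverse-path check that the quoted `ip verify unicast reverse-path` command enables, added here as an illustration; it is not part of the original message and is not Cisco's implementation. The forwarding table, interface names and packets are constructed assumptions.

```python
import ipaddress

# Constructed FIB for a hypothetical edge router: prefix -> egress interface.
FIB = {
    "192.0.2.0/24": "Ethernet0",     # stub customer LAN
    "198.51.100.0/24": "Ethernet1",  # second stub LAN
    "0.0.0.0/0": "Serial0",          # default route to the upstream provider
}

def best_route(fib, addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_strict(fib, src, in_iface):
    """Accept only if the route back to src leaves via the arrival interface."""
    return best_route(fib, src) == in_iface

# Constructed packets: (source address, arrival interface).
PACKETS = [
    ("192.0.2.10", "Ethernet0"),    # legitimate host on the stub LAN
    ("203.0.113.7", "Ethernet0"),   # spoofed outside source sent from the LAN
    ("198.51.100.5", "Ethernet0"),  # neighbouring LAN's address on wrong port
    ("203.0.113.7", "Serial0"),     # Internet host arriving from upstream
    ("192.0.2.10", "Serial0"),      # inside address arriving from outside
]

def verdicts(fib, packets):
    """Return 'pass' or 'drop' for each packet under the strict check."""
    return ["pass" if urpf_strict(fib, s, i) else "drop" for s, i in packets]

if __name__ == "__main__":
    for (src, iface), verdict in zip(PACKETS, verdicts(FIB, PACKETS)):
        print(f"{iface:10} src={src:15} {verdict}")
```

The strict check assumes the route back to a source uses the arrival interface, which holds on the stub interfaces the quoted text refers to; on links with asymmetric routing the same check would drop legitimate traffic.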
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:35:31 PDT