A command used to avoid being DDoSed....
Also applies to IOS routers..
The ip verify reverse-path command is a security feature that does a route lookup based on the source address. Usually, the route lookup is based on the destination address. This is why it is called reverse path forwarding. With this command enabled, packets are dropped if there is no route found for the packet or the route found does not match the interface on which the packet arrived.
The ip verify reverse-path command lets you specify which interfaces to protect from an IP spoofing attack using network ingress and egress filtering, which is described in RFC 2267. This command is disabled by default and provides Unicast Reverse Path Forwarding (Unicast RPF) functionality for the PIX firewall.
The clear ip verify command removes ip verify commands from the configuration.
Unicast RPF is a unidirectional input function that screens inbound packets arriving on an interface. Outbound packets are not screened.
Because of the danger of IP spoofing in the IP protocol, measures need to be taken to reduce this risk when possible. Unicast RPF, or reverse route lookup, prevents such manipulation under certain circumstances.
The ip verify reverse-path command depends on the existence of a default route statement in the configuration for the outside interface that has 0.0.0.0 0.0.0.0 in the route command statement for the IP address and network mask.
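The check described above, as an added example (not from the original post and not Cisco's code): a Python model of the reverse-path lookup that also shows why the default route on the outside interface matters. The routing table, interface names, addresses and the function names `lookup` and `urpf_check` are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table (assumption): (prefix, interface the route points to).
ROUTES = [
    ("0.0.0.0/0", "outside"),       # default route: 0.0.0.0 0.0.0.0 on outside
    ("10.1.0.0/16", "inside"),
    ("192.168.50.0/24", "dmz"),
]

def lookup(routes, addr):
    """Longest-prefix match on addr; returns the interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def urpf_check(routes, src, arrival_if):
    """Reverse-path check: look up the SOURCE address and compare the
    route's interface with the interface the packet arrived on."""
    route_if = lookup(routes, src)
    if route_if is None:
        return ("drop", "no route to source")
    if route_if != arrival_if:
        return ("drop", f"source is routed via {route_if}, not {arrival_if}")
    return ("pass", f"source is routed via {arrival_if}")

if __name__ == "__main__":
    # Constructed sample packets: (source address, arrival interface).
    packets = [
        ("203.0.113.7", "outside"),  # Internet host, matched by the default route
        ("10.1.2.3", "outside"),     # inside address arriving from outside: spoofed
        ("10.1.2.3", "inside"),      # legitimate inside host
        ("203.0.113.7", "inside"),   # external source arriving on inside
    ]
    for src, ifname in packets:
        print(src, ifname, urpf_check(ROUTES, src, ifname))

    # Without the default route, every Internet source fails the lookup
    # on the outside interface and legitimate traffic is dropped.
    no_default = [r for r in ROUTES if r[0] != "0.0.0.0/0"]
    print(urpf_check(no_default, "203.0.113.7", "outside"))
```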
