[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Martian source... Need to have route to other networks via internal interface. What to do?



Sergei Keler wrote:

Next, what you recommend as linux implementation of Cosco's EIGRP? Ciscos use EiGRP to keep routes between them using 192.168.0.254/24 net.

1. EIGRP is proprietary to Cisco, and only runs on Cisco gear.
2. There is nothing in EIGRP that "keep routes between them using 192.168.0.254/24 net".
For a simplified explanation of EIGRP:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfeigrp.htm

or my website: http://www.911networks.com

The complete documentation for EIGRP is in the command reference.

Martians are used to create denials of service, since they cannot be routed through the Internet, therefore you cannot reply [Internet side] to a request from a martian address.

Martians are dealt at the firewall through either access-list or on Cisco routers by issuing:

ip verify unicast reverse-path

on the outside interface, which verifies that this an address that the router can reach.

--
Thanks
http://www.911networks.com
When the network has to work Cisco/Microsoft

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here